Please join us tomorrow at the Change Seminar for the first of two talks
being given by CSE grad students at the upcoming ACM DEV
<> conference.  Fahad Pervaiz will be presenting on work
that explores security issues around mobile money applications.

*What:  *Let’s Talk Money: Evaluating the Security Challenges of Mobile
Money in the Developing World

*When:  *Tuesday,  Nov. 1

*Where: *The Allen Center, CSE 203


Digital money drives modern economies, and the global adoption of mobile
phones has enabled a wide range of digital financial services in the
developing world. Where there is money, there must be security, yet prior
work on mobile money has identified discouraging vulnerabilities in the
current ecosystem. We begin by arguing that the situation is not as dire as
it may seem—many reported issues can be resolved by security best practices
and updated mobile software.  To support this argument, we diagnose the
problems from two directions: (1) a large-scale analysis of existing fi-
nancial service products and (2) a series of interviews with 7 developers
and designers in Africa and South America.  We frame this assessment within
a novel, systematic threat model. In our large-scale analysis, we evaluate
197 Android apps and take a deeper look at 71 products to assess specific
organizational practices. We conclude that although attack vectors are
present in many apps, service providers are generally making intentional,
security-conscious decisions. The developer interviews support these
findings, as most participants demonstrated technical competency and
experience, and all worked within established organizations with regimented
code review processes and dedicated security teams.
change mailing list

Reply via email to