This paper discusses the security posture of Android m-banking applications in Qatar. Since technology has developed over the years and more security methods are provided, banking is now heavily reliant on mobile applications for prompt service delivery to clients, thus enabling a seamless and remote transaction. However, such mobile banking applications have access to sensitive data for each bank customer which presents a potential attack vector for clients, and the banks. The banks, therefore, have the responsibility to protect the information of the client by providing a high-security layer to their mobile application. This research discusses m-banking applications for Android OS, its security, vulnerability, threats, and solutions. Two m-banking applications were analyzed and benchmarked against standardized best practices, using the combination of two mobile testing frameworks. The security weaknesses observed during the experimental evaluation suggest the need for a more robust security evaluation of a mobile banking application in the state of Qatar. Such an approach would further ensure the confidence of the end-users. Consequently, understanding the security posture would provide a veritable measure towards mbanking security and user awareness.

翻译：本文探讨了卡塔尔地区安卓移动银行应用的安全态势。随着技术多年发展及更多安全方法的提供，银行业已高度依赖移动应用向客户提供即时服务，从而实现无缝远程交易。然而，此类移动银行应用可访问每位银行客户的敏感数据，这为客户端及银行自身带来了潜在攻击向量。因此，银行有责任通过为其移动应用提供高安全层来保护客户信息。本研究讨论了安卓操作系统上的移动银行应用及其安全性、漏洞、威胁与解决方案。我们利用两种移动测试框架的组合，对两款移动银行应用进行了分析，并对照标准化最佳实践进行基准测试。实验评估中观察到的安全缺陷表明，卡塔尔国需对移动银行应用进行更稳健的安全评估。此类方法将进一步确保最终用户的信心。因此，理解安全态势将为移动银行安全及用户意识提供可靠的衡量标准。