Some time ago, we wrote an article on the mobile OS headache, where we explained that today’s banks and fintechs must deal with more than 50% of their customer base using devices that no longer receive security updates. While there is a growing list of ways a device can get infected, the most common channels are:
- Third-party applications that trick the user into installing something
- Security issues with the web browser
- Phishing links over email or text messages
Google Android is by far the most common OS, used in phones costing as little as USD 30. Google has a history of being liberal with its software rights, allowing nearly anyone to make Android devices. This comes with a huge disadvantage: traditionally, the device producer provided all operating system updates, but today Google requires device vendors to supply just two years of updates. Google has become increasingly strict about updates, moving many of them from being vendor-provided to Play Store-provided. While this helps make updates more widely available even after vendors stop sending them to users, it also places the responsibility in the user’s hands to search for updates and download them themselves.
With Apple’s iOS, the situation is a bit simpler: Apple typically only releases updates for the latest major version of its mobile operating system. This means that as of November 2020, the iPhone 6s and up are fully supported. The iPhone 6s was released back in September 2015, so users receive updates for about 5 years. Of course, there are some cases where security updates for older versions of iOS are released as well, such as the latest series of security patches, which aimed to protect devices from root-level malware infections after users visited certain web pages. Apple’s iOS is also a lot more restrictive about where applications can be installed from: it is not possible to install anything from outside Apple’s walled garden, nor is it possible to install an alternative web browser engine. This gives a lot less freedom to the user, but it also means that there are fewer “entry points” for malware.
Who is Okay?
Okay is the fully PSD2 compliant Strong Customer Authentication platform that provides transaction and authentication security to apps, shielding the entire authentication process from any threats. We help all issuers, remittance services, and e-wallet providers comply with PSD2’s SCA requirements to deliver multiple authentication methods, including biometrics and strong security mechanisms at the point of transaction. Want to get to know us better? Visit okaythis.com.