Connect with us

Hi, what are you looking for?


Filipino fintech app users say security is as important as user experience, features

A RESILIENT economy bolstered by robust fundamentals and a potential rebound make 2023 a good year for Filipinos to build and diversify their investment portfolios, according to local market analysts.

This bullish outlook, coupled with financial technology (fintech) and trading and investment apps that make buying and selling stocks and trading currencies easier than ever, are reasons to be optimistic.

The Filipino digital wave is surging on the back of 168.3-million cellular mobile connections (144.5% of the population). Research also revealed that 76.7% of local consumers increased their mobile app use over the past 12 months, with e-wallet adoption and usage on the rise.

Filipinos have also embraced crypto. The Philippines is the second-ranked country in the 2022 Global Crypto Adoption Index released by blockchain analysis firm, Chainalysis, which tracks the most active cryptocurrency nations. Many Filipinos are also drawn towards digital tokens through blockchain games like Axie Infinity, with up to 40% of players coming from the Philippines at one stage.

Most Filipinos likewise have high expectations when it comes to mobile app security, according to Appdome’s recent survey. Many rank security as important as a great user experience. They have good reason to demand the best because studies show that 77% of financial apps have at least one vulnerability. By exploiting weaknesses, hackers can break through encrypted apps to access payment data. So, whether you are a digital investor or an investment app developer, here are some of the common security threats to be aware of today:


Fake financial services apps are a big threat. One app masquerading as an Asian trading company targeted social media and dating site users, and when they opened the app and inputted financial data, this triggered a fund transfer to cybercriminals. As most fake apps are published through a “Super Signature process‚” — bypassing security protections — anti-tampering solutions are recommended to deter hackers. Mobile Piracy Prevention, meanwhile, ensures that Android and iOS apps will not be copied or become Trojan apps when they are published in an app store.


Malware such as Xenomorph and Sharkbot use overlay attacks. This is when a fake screen or a window controlled by an attacker is placed on top of a legitimate application to trick users into revealing data. In a nutshell, malicious overlays are designed to mimic the original user interface of the app being targeted and can appear in the form of a button or a data entry field. It’s worth noting that blocking overlay attacks is required by law and regulators in many countries.


Private keys are the security essentials in crypto and decentralized finance. Stolen private keys allow hackers to steal from investors. While custodial wallets were provided to help investors manage their private keys, other offerings enabling users to self-manage their private keys have been introduced. These have risks as many crypto novices lack the expertise to manage a key.

Securing devices is also vital. Hackers can steal private keys and confidential information, and the risk is raised on a jailbroken or rooted device, when the original security protocols of a device are compromised, allowing attackers to control operating systems and payment and investment apps. Tools to block Magisk and detect jailbreak bypass tools such as Liberty Lite are highly recommended.


Looking at the top five attacks on investment apps, several were found to use an unencrypted SQL lite database in their Android app, which makes them vulnerable. Unencrypted data in the application sandbox or SD card in areas like NSUserDefaults or the clipboard are common channels targeted. Given this, data at rest encryption is recommended to protect data inside these areas. Hackers also target transactions, passwords, and passphrases, and enforcing SSL/TLS for communications, including minimum TLS version, and cipher suites are good protective measures.


Modified investment apps equipped with emulators, simulators, or on-device malware can be used to create fake accounts, perform malicious trades, and transfer cryptocurrency from one app to another. Implementing runtime application self-protection (RASP) methods, particularly anti-tampering, anti-debugging, and preventing emulators, is a way to guard against this.

Hackers constantly look for “easy marks‚” and if your app is missing one or two security features, scammers will exploit the defensive weakness. Investment app developers, therefore, must keep providing great services, as well as security to address new threats. It is a tough balancing act, but one that is nonnegotiable.

Jan Sysmans is the Mobile App Security Evangelist at Appdome.

Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!



The rapid advancement of digital technologies has gained momentum to a degree that it transformed almost every aspect of modern life. From enhanced and...


Massive construction activities that are ongoing and upcoming across Eastern, Central, and Western Visayas are further driving demand in the region’s construction industry this...


Amidst the picturesque Dole pineapple plantation, SATNET powered by Kacific bridges the connectivity gap. Have you ever wondered how a leading, remote food processing...


US dollar banknotes are seen in this illustration taken July 17, 2022. — REUTERS By Keisha B. Ta-asan, Reporter PHILIPPINE DOLLAR reserves slipped at...


PHILIPPINE STAR/MICHAEL VARCAS By Luisa Maria Jacinta C. Jocson, Reporter THE PHILIPPINE ECONOMY is likely to grow by 6% this year amid strong domestic...


By Kyle Aristophere T. Atienza, Reporter ECONOMISTS are worried about the alleged failure of Philippine lawmakers to take into account the health of state-owned...

You May Also Like


COVID-19 has had a significant impact on the mental health of Filipinos across different groups all over the archipelago. From frontline workers, parents balancing...


REUTERS By Luz Wendy T. Noble, Reporter The country’s foreign exchange buffers slightly increased as of end-October as the value of the central bank’s...


BW FILE PHOTO GROSS BORROWINGS by the National Government reached P2.6 trillion as of end-September as it continued to raise funds to respond to...


KARASOLAR.COM TENA, Ecuador — Ecuador’s rainforest Achuar people say their ancestors long dreamed of a “fire canoe” or “electric fish” that would let them...

Disclaimer: Respect, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2022 Respect Investment. All Rights Reserved.