Implementation of Zero-Trust Architecture in Mobile Applications of the Financial Sector

Authors

  • Pankiv Oleg

Keywords:

zero-trust architecture, mobile banking, fintech, mobile applications, cyber-resilience

Abstract

This article examines the rethinking of zero-trust architecture for mobile applications in the financial sector as a crystallization of the contemporary model of cyber-resilience amid explosive growth in mobile banking and the rise of specialized smartphone attacks. It is demonstrated that traditional perimeter-based security models do not provide the required level of protection in the context of a high density of vulnerabilities in client applications and the exponential increase in malicious activity, which predetermines the relevance of a transition to an approach in which every request and every action is treated as potentially untrusted. The purpose of the study is to conceptualize and specify the principles of zero-trust architecture at the mobile client level. The scientific novelty lies in shifting the center of gravity from an abstract trusted perimeter to a set of explicitly defined decision points across the interface, domain logic, and infrastructural library layers, as well as in introducing an application trust map, standardized interface components as carriers of security policy, and a unified software kit for authentication, session management, and authorization checks. The proposed roadmap, from constructing a trust map to the phased implementation of multi-step, risk-oriented authentication, enables transforming the zero-trust architecture from a one-time initiative into a continuous process embedded in the life cycle of mobile financial product development. The article is intended for researchers, architects, and practitioners engaged in the design and evolution of mobile solutions in the banking and fintech sectors.

Author Biography

  • Pankiv Oleg

    Senior iOS Developer, Myseum.Inc, Bayonne, NJ, USA

Published

2026-02-09

Section

Articles

How to Cite

Pankiv Oleg. (2026). Implementation of Zero-Trust Architecture in Mobile Applications of the Financial Sector. International Journal of Computer (IJC), 57(1), 65-74. https://ijcjournal.org/InternationalJournalOfComputer/article/view/2504