In this paper, we analyze vulnerability of some mobile banking and payment applications on Android platforms. This analysis aims at performing vulnerability assessments, facilitating an informed assessment of the information security and privacy risks that mobile banking and payment applications face in African countries, and creating awareness in the research and practice communities. We especially try to assess the risks of attacks related to privacy and data confidentiality by checking access permissions and code vulnerability of these applications. Another purpose of our work is to enable users, businesses and governments to take advantage of the opportunities offered by mobile banking and payment applications while minimising the information security risks to which they are exposed.