Citigroup instructed the users of its mobile iPhone banking app to upgrade immediately in the wake of a discovered security flaw, according to the Wall street Journal. Apparently, the mobile banking iPhone app (currently the 11th most popular finance app in the App Store) stores personal data from transaction in a hidden file on your phone. This information, when the iPhone is synced with a PC, is transferred to the PC, creating a dangerous vulnerability. The information stored included account numbers, bill payment histories and access codes.
Citigroup is reassuring its customers that they have no reason to believe that the data was breached or used maliciously by identity thieves or hackers. In a statement, Citigroup said, "We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone.” They are currently undergoing internal investigations to find out why such a vulnerability wasn’t found in testing.
As the mobile app market continues to grow at amazing speeds, these kinds of security flaws are not uncommon in a world where the faster your app gets to market, the better it will likely perform. This is something to think about when jumping on the latest cool new functionality the mobile wireless world has to offer. John Hering, CEO of mobile security provider Lookout, says that this is becoming a bigger problem than most people expect.
“Most consumers and app developers don't know what is happening in their apps, because it is moving so fast. Apps are proliferating so quickly. We will see more and more of this."