US bank urges iPhone app update due to data storage risk


Mobile banking app saved confidential information.

Citigroup has released an update to its iPhone mobile banking application after it was discovered that the previous version, unbeknownst to users, saved confidential account information in a hidden file on their devices.

The prior version of the Citi Mobile application also may have saved the same data onto users' computers if they synced their iPhone to their computer using iTunes.

"This update deletes any Citi Mobile information that may have been saved to their iPhone or computer, and it eliminates the possibility that this will occur in the future," said a Citigroup statement.

The statement said that no other Citi mobile programs were affected and that there is no reason to believe that any sensitive data was accessed as a result of the issue.

Neil MacDonald, a vice president and fellow at research firm Gartner, said users should expect to see similar incidents in the future due to poor developer design and a lack of security vetting by owners of application stores, such as Apple.

In the case of Apple, the company should conduct testing and provide developers with clear guidelines, such as how sensitive information must be handled, MacDonald told SCMagazineUS.com. This is especially critical because users tend to trust any mobile application they find in stores.

"I think because of that implied responsibility, Apple needs to step up the testing it performs," he said. "I'd say the same of Google [maker of the Android] and Microsoft [maker of Windows Phone 7]."

Meanwhile, MacDonald said developers such as Citigroup must implement similar guidelines and conduct threat modeling, a process that will help determine things such as where sensitive data is being stored, how a hacker might be able to access such data, and whether the user is being properly notified of any data being stored.

He said that many times developers make mistakes in a rush to distribute a product.

"You cannot overlook security in the development process, even if it is agile development," MacDonald said.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition