Insecurity of iOS Banking Apps

iosactiveIOActive has an analysis of the security of 40 iOS banking apps. Analysis is usually of Android apps so it’s interesting to see that iOS suffers from similar security problems.

  • ioactivebankingsecuritysummary12.5% did not validate SSL certificates
  • 35% contained non-SSL links
  • 30% were vulnerable to JavaScript injections via insecure UIWebView
  • 40% leaked user information

Usually, I am relatively permissive when I use my phone for personal use but doing banking via mobile is still something I choose not to do.