You may be out more than just the cost of your smartphone when you lose it – your mobile banking apps may open doors to even greater financial harm.
Sensitive data was stored insecurely in 25% of mobile financial applications, according to a July study by viaForensics, an Illinois-based digital forensics and security firm.
The study handed out a “pass”, “warn”, or “fail” rating to 32 financial apps, on the iPhone and Android platforms, based on whether or not viaForensics was able to retrieve sensitive user information from mobile devices.
The company applies digital forensic practices to assess the vulnerabilities of mobile apps in the event that a user loses their smartphone. Can someone pull vital information from these mobile devices to commit fraud?
Many of the financial apps failed the test because “we recovered the user password or other sensitive user data was found stored on the device,” the study reported.
“On some financial apps we were able to recover payment history, partial credit card numbers and other transaction-related data. Others cached security PIN or username/password.”
The mobile financial apps that failed the viaForensics test included Mint (iPhone and Android), Wikinvest (iPhone), and Square (iPhone).
Approximately 31% of the financial apps received a “warn” rating, which meant that usernames or some application data were accessible but did not pose a major risk to the user. The remaining 44% of financial apps passed the test, meaning sensitive user data was either absent or encrypted on mobile devices.
For comparison, none of the popular social media networking apps – including those from Twitter, Facebook, and LinkedIn – passed the test. Neither did any of the reviewed retail apps – including those from Groupon, eBay, and Amazon Mobile.