Although mobile banking apps fared better than retail, productivity and social networking apps in a security audit released today, banks still have work to do to protect customer data on mobile devices.
In the study, conducted by viaForensics, 25% of the mobile banking programs analyzed received a "fail" rating. In most cases, these failures occurred because testers were able to recover a user password or other sensitive user data from a user's mobile device. In some cases, the apps cached a security PIN or a user name and password. In other instances, testers were able to recover payment history, partial credit card numbers and other transaction-related data. About a third (31%) of mobile banking apps received a "Warn" grade because a user name or app data was present but was not considered a significant risk to the user. The remaining 44% of mobile banking apps passed the test.