Home > Cyber Security > How secure is your Mobile Banking Application?

A recent client side only test of mobile banking applications that run on the iOS platform uncovered several vulnerabilities


  • 12.5% of the audited apps did not validate the authenticity of the SSL certificates presented, which makes them susceptible to Man-in-The-Middle (MiTM) attacks.
  • 35% of the apps contained non-SSL links throughout the application. This allows an attacker to intercept traffic and inject arbitrary JavaScript/HTML code in an attempt to create a fake login prompts or similar scams. 
  • 30% of the apps did not validate incoming data and were vulnerable to JavaScript injections via insecure UIWebView implementations allowing client-side attacks.
  • 42.5% of the apps provided alternative authentication solutions to mitigate the risk of leaking user credentials and impersonal attacks.
  • Additionally the study also showed that 40% of the apps still leak information about user activity or client-server interactions, such as requests or responses from the server.