Citigroup Inc. said its free U.S. mobile-banking application for Apple Inc.’s iPhone contained a security flaw and advised its customers to upgrade to a newer version that corrects the problem.
In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved information—including account numbers, bill payments and security access codes—in a hidden file on users’ iPhones. The information may also have been saved to a user’s computer if it had been synched with an iPhone.
The issue affected the approximately 117,600 customers who had registered the iPhone app with Citi since its launch in March 2009, a person familiar with the matter said. The bank doesn’t believe any personal data was exposed by the flaw.
“We have no reason to believe that our customers’ personal information has been accessed or used inappropriately by anyone,” Citi said. Apple acknowledged the issue and encouraged users to download the updated app.
Mobile banking is a popular and fast-growing activity on smartphones, as cellphones become more sophisticated and consumers use them to organize their lives. The Citi Mobile app, currently the 11th most-popular offering in the finance category of Apple’s App Store, allows customers to check balances, transfer funds and pay bills.
An estimated 18 million adults, or 7% of the adult population, are “active users” of mobile banking, meaning they use it at least once every three months—a small but growing fraction of the 196 million adults, or 84% of the population, who use any kind of banking services, said Red Gillen, a mobile- banking analyst at Celent, a financial-services research firm.
Citibank, with an estimated 800,000 mobile customers, ranks No. 5 in mobile banking, Celent said, behind Bank of America Corp. at No. 1 with an estimated 5 million users. In between are J.P. Morgan Chase & Co. at No. 2 with 2 million, United Services Automobile Association at No. 3 with 1.5 million, and Wells Fargo & Co. with 1.4 million, according to Celent estimates.
[…] This post was mentioned on Twitter by ChrisTWL, tcpflorida, Tom Gowing, mattandroTWL, willhalsteadTWL and others. willhalsteadTWL said: Review: Security Flaw in CitiBank iPhone App – http://www.techwarelabs.com/security-flaw-in-citibank-iphone-app/ […]