If you’re using banking apps on an iOS device, you might be interested in some research by Ariel Sanchez, following up on his earlier research into the security of mobile banking apps from some major banks. (You might find Paul Ducklin’s commentary for Sophos on the earlier research of interest, too.)
Sanchez’s analysis is restricted to a general consideration, without identifying individual apps or banks. Still, you might find it useful – if mildly disturbing – to see how well (or otherwise) banking apps currently stand up to his testing on:
- Transport security
- Compiler protection
- UIWebViews
- Insecure data storage
- Logging
- Binary analysis
John Leyden has also written commentary on the research for The Register.
It would be interesting to see if the picture is any different on Android, if there’s any comparable research available. (I haven’t seen any, but that doesn’t mean there is none.)
Also posted on the Mac Virus blog.
David Harley