iPhone Security Banking Apps - Based on true recent survey, "the bank 54% of calls are high priority to creating a mobile banking service." However, their main concern is the security of mobile devices. Asked about the biggest barriers to the growth of mobile corporate banking, 77 percent cited concerns about fraud and security.
For a major Wall Street banks designed iPhone / led the team because it was calculated to build an app, but I know this first hand that is a serious problem in the enterprise .Look for iPhone Security Banking Apps
Here are some steps you can take are as follows:
- Do not store any sensitive information on the device. Actually we are not at all the stores are either a non-login, this is the app's users, in order to facilitate the login in the future, but only if you choose to save it. Citigroup has a security flaw in it, reported in July 2010 iPhone app. Problem: They have sensitive information stored on the device.
- Please check your startup Jailbroken. If the device is jailbroken, you have to remove the restrictions that Apple, full access (root access) you can get to unlock all the features of the system operation said. This means that you can get data on applications and devices that hackers. They also decode your binary application, logic, communication endpoints might be able to check and more.
- Ensure that communications are secure and ensure that all external. External bank systems (HTTPS is, SSL, etc.), please use a secure protocol to communicate with. We actually implemented an additional layer on top of this redirection.
- Application time-outs and / or closure at the end. If the phone is to say without a password on your device somewhere and remain locked, you must not only check to see who can get the application without providing credentials and pickup device available. Of them, after say 5 minutes of inactivity, you can adopt a time-out applications that require a login.
- Apple also said, "The application does not run in the background" option has called the building's setting. This building is checked if the plist file in the required application to reload when you press the Home button to exit completely. The default setting, unless the device is restarted, which means that the application remains in memory, has not been selected. In this case, had adopted some kind of timeout periods that require better credentials after a timeout.
- The car runs external penetration testing vendor. We have to do this, the company hired three party security professional. They all communications endpoint URL as well as testing protocols and the actual device. Because this is a relatively new field, find a vendor with experience in security and mobile devices.
