Mobile banking apps are also prone to hacking [Source: http://www.youtube.com/watch?v=zdO9CQqOuP8]
On my recent coast-to-coast sojourn in North America, during which I had the good fortune of meeting many of our customers, one theme stood out in all discussions: security of mobile apps. The concern was more around B2C applications, given the increasing penetration of the Android operating system. With its open model and multiple OS versions, Android has, in recent times, shown increasing vulnerability to malware, Trojans, etc. Even iOS is not completely free from these vulnerabilities, although the perception is that a highly controlled and closed ecosystem makes it less susceptible.
Take, for instance, the recent hacking of the mobile app of a leading coffee retailer, where it was discovered that the user IDs and passwords were stored in a flat file. The CIO of the company commented that even if someone accesses the app login credentials, the only thing the person could do is buy coffee. I think this ignores a very important fact: people may use that very same user ID and password on multiple sites. Keeping the login sequence on a mobile app simple has been the prevailing paradigm so far, in order not to compromise user experience and to increase app adoption.