My penny's worth on the Citi App "disaster".

Judging from the number of tweets and the volume of articles about the Citibank iPhone application recall, this was the news item of the month. I think that it got more attention than the floods in Pakistan where people were killed. It should therefore be classified as a "disaster". (Read here, here, here and here, for a small sample).

"..be careful about the applications you install, even if they come from trusted sources.." one "expert" is quoted as saying. Life has just become seriously complex when you can't even trust trusted sources on your mobile. I made quite an effort to attempt to get to the bottom of this "massive" security breach, but was unable to understand the issue. Even if some of the transactional data were stored in hidden files on the device, how accessible are they, and how easily can they be used maliciously? This was not clear. Just to make the point, let's assume that the invoice numbers of the bills that you have paid were stored on your phone. If someone were to get his hands on these numbers, this would enable them to... pay your bills? Great! Anyhow, many of these numbers are much more in the clear in other formats: for instance in the mail (stored underneath a flimsy piece of envelope paper).

I am sure that the Citibank security officer is very good and diligent, but we must be careful that his/her paranoia does not affect a whole industry. While I am absolutely in support of a safe industry and many of my postings on this blog support this, one should also guard against overreactions to things that are non-events.

It seemed to me that one should be more worried about the fact that banks print one's credit card number on a plastic card that could also be lost. This critical information is stored in clear, unencrypted data for all to see....