Several major financial services firms, including Bank of America, Wells Fargo and PayPal, have rushed to fix security flaws in their iPhone and Android apps identified by viaForensics.
The mobile security specialist says its appWatchdog findings show flaws in apps from Bank of America, Chase, TD Ameritrade, USAA, Wells Fargo and PayPal. The only tested company with a clean bill of health was Vanguard.
The apps have been storing users' information in the memory of their phones, which means criminals could glean valuable data if they stole the handset or lured victims to malicious sites.
According to the Wall Street Journal, Wells Fargo has updated its Android app after it was revealed that the previous version stored the account holder's username and password on the phone in plain text.
Meanwhile, Bank of America's Android app saves the answer to a security question in plain text on the handset. The firm told the WSJ that the issue does not pose a threat to customers but it is still being fixed.
PayPal has updated its iPhone app and TD Ameritrade is in the process of rolling out updates for its iPhone and Android offerings.
Andrew Hoog, chief investigative officer at viaForensics, told the WSJ: "It's not the end of the world. But it's just sloppy. These guys should not be storing this data on a phone."
Banks Rush to Fix Security Flaws in Wireless Apps - WSJ