Come On, Hire a Professional

July 27, 2010

The Wall St. Journal reports a Citi Mobile security flaw, affecting the Citibank app for iPhone/Touch/iPad users. An update is available to patch the problem:

"In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes. The information may also have been saved to a user's computer if they synced their iPhone with a PC."

How can you accidentally save information to a hidden file? Did they have QA? A specification? A process of some kind? Or was this built by someone's brother-in-law?

I'm guessing they cached the data in a SQLite database and for whatever reason failed to understand persistence or the iOS filesystem.

The yucks of this one are enhanced by Citibank being one of the world's largest banks, where you would think security would be job number two (after profit, of course). Having worked for a financial services company, I understand how stupid IT can be in one.

Hiring a cheap iOS programmer is not saving money. Skimping on QA or project management because it's "just an iPhone app" is dumb. You don't need a big staff, just one with a clue.
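The guess above (data cached in a SQLite database that quietly persists to the sandbox and then into backups) is exactly the kind of thing a QA pass can catch before release. What follows is an added example, not code from the original post or from Citi: a small scanner that walks an app's data directory (including hidden files) and reports SQLite columns and loose files that look like they hold account numbers or access codes. The directory layout, file names, column names and sample values are all constructed for the demonstration, and the "sensitive column" and "8+ digit run" heuristics are assumptions a real team would tune to its own data model.

```python
"""
Added example (not from the original post or any bank's code): a QA-style
scan of an app's data directory for persisted account data.
Everything under build_fixture() is constructed sample data.
"""
import os
import re
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"

# Column names that should never land on disk unencrypted (assumed list).
SENSITIVE_COLUMNS = re.compile(r"(account|acct|access_code|pin|password|token)", re.I)
# A run of 8 or more digits is treated as a possible account number (heuristic).
DIGIT_RUN = re.compile(r"\d{8,}")


def is_sqlite(path):
    """True if the file starts with the SQLite 3 header."""
    with open(path, "rb") as fh:
        return fh.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC


def scan_sqlite(path):
    """Return {(table, column)} pairs whose name or contents look sensitive."""
    findings = set()
    conn = sqlite3.connect(path)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
            # Flag by column name first: a column called access_code is a
            # finding even if the value stored today happens to be short.
            for col in cols:
                if SENSITIVE_COLUMNS.search(col):
                    findings.add((table, col))
            # Then flag by content, so a badly named column does not hide data.
            for row in conn.execute(f'SELECT * FROM "{table}"'):
                for col, val in zip(cols, row):
                    if val is not None and DIGIT_RUN.search(str(val)):
                        findings.add((table, col))
    finally:
        conn.close()
    return findings


def scan_raw(path):
    """True if a non-SQLite file contains a digit run resembling an account number."""
    with open(path, "rb") as fh:
        return DIGIT_RUN.search(fh.read().decode("latin-1")) is not None


def scan_directory(root):
    """Walk every file under root (hidden files included) and return sorted
    (relative path, table, column) findings; table/column are '' for raw files."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if is_sqlite(path):
                for table, col in scan_sqlite(path):
                    findings.add((rel, table, col))
            elif scan_raw(path):
                findings.add((rel, "", ""))
    return sorted(findings)


def build_fixture(root):
    """Constructed sample sandbox: one cache DB, one hidden file, one harmless file."""
    db = os.path.join(root, "cache.db")
    conn = sqlite3.connect(db)
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, account_number TEXT, "
                 "balance REAL, access_code TEXT)")
    conn.execute("INSERT INTO accounts VALUES (1, '12345678901', 1234.56, '4821')")
    conn.commit()
    conn.close()
    with open(os.path.join(root, ".session"), "wb") as fh:   # hidden file
        fh.write(b"user=alice;acct=12345678901\n")
    with open(os.path.join(root, "prefs.plist"), "wb") as fh:  # nothing sensitive
        fh.write(b"theme=dark\n")


def demo():
    """Build the constructed fixture in a temp directory and scan it."""
    root = tempfile.mkdtemp()
    build_fixture(root)
    return scan_directory(root)


if __name__ == "__main__":
    for rel, table, col in demo():
        print(f"{rel}: {table or '(raw file)'} {col}".rstrip())
```

Run against a simulator's data container or an unpacked backup after exercising every screen of the app; anything the scanner reports should either be encrypted at rest, excluded from backup, or not written at all.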

Next time, hire a professional.