A white hat hacker reverse engineered 30 mobile financial applications and found sensitive data buried in the underlying code of nearly all apps examined. With this information a hacker could, for example, recover application programming interface (API) keys and use them to attack the vendor’s backend servers and comprise user data, researchers said.
The apps in question were all Android and culled from eight sectors including retail banking, healthcare and auto insurance. Companies behind the apps ranged from Fortune 100 companies and down.
Source: ThreatPost