Yesterday, the Wall Street Journal reported that Citigroup’s iPhone electronic banking app contained a security flaw that had been fixed. According to the article, a new version of the app has been made available to customers through Apple’s App Store. The Citi app was developed in conjunction with mobile app specialist mFoundry and allows customers to view their banking and/or credit card statements and make bank payments. From the Journal article:

“Citi said its iPhone app accidentally saved information—including account numbers, bill payments and security access codes—in a hidden file on users’ iPhones. The information may also have been saved to a user’s computer if it had been synched with an iPhone. The issue affected the approximately 117,600 customers who had registered the iPhone app with Citi since its launch in March 2009, a person familiar with the matter said. The bank doesn’t believe any personal data was exposed by the flaw.”

Forrester customers who are also Citi banking or credit card customers should immediately update their iPhone app. They should also change their account password if their phones have been stolen or lost.

I have not spoken to Citi about this matter, and I do not have inside knowledge about the nature of the vulnerability. However, it stands to reason that: