In a study of 40 iOS banking apps from a variety of countries around the world, security apparently wasn't a requirement!
40% of the audited apps do not bother to validate the authenticity of the SSL certificates presented by the banks' web back ends.
Quite apart from the question of why bother with SSL if you're not going to use it, skipping this basic check leaves the apps open to MITM (man-in-the-middle) attacks, which any script kiddie can mount with a basic Google search and minimal skill.
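The check those 40% skipped, shown as an added example (not code from the study or from any of the audited apps): a URLSession delegate that blindly accepts whatever certificate the server presents, next to one that lets the system evaluate the chain and hostname and then pins the leaf certificate. The pinned hash is a constructed placeholder.

```swift
import Foundation
import CryptoKit

// Constructed placeholder: hex SHA-256 of the bank's leaf certificate (DER),
// obtained from the bank out of band and baked into the app at build time.
let pinnedLeafSHA256 = "0000000000000000000000000000000000000000000000000000000000000000"

// WEAK: the pattern behind the "no certificate validation" finding. Every chain
// the server presents is accepted, so whoever can intercept the connection can
// present their own certificate and read or alter the banking session.
final class TrustEverythingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard let trust = challenge.protectionSpace.serverTrust else {
            return completionHandler(.performDefaultHandling, nil)
        }
        completionHandler(.useCredential, URLCredential(trust: trust)) // no evaluation at all
    }
}

// HARDENED: let the system validate the chain (expiry, hostname, trusted root),
// then pin the leaf so a mis-issued but otherwise "valid" certificate is also rejected.
final class PinningDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            return completionHandler(.performDefaultHandling, nil)
        }
        // Step 1: standard X.509 and hostname evaluation against the system trust store.
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error) else {
            return completionHandler(.cancelAuthenticationChallenge, nil)
        }
        // Step 2: compare the SHA-256 of the leaf certificate's DER bytes to the pin.
        guard let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first else {
            return completionHandler(.cancelAuthenticationChallenge, nil)
        }
        let der = SecCertificateCopyData(leaf) as Data
        let digest = SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
        guard digest == pinnedLeafSHA256 else {
            return completionHandler(.cancelAuthenticationChallenge, nil) // pin mismatch: abort
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}
```

Pass an instance of PinningDelegate to URLSession(configuration:delegate:delegateQueue:); SecTrustCopyCertificateChain requires iOS 15 or later.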
50% of the apps are vulnerable to cross-site scripting (XSS) attacks, and in some cases also had native iOS functionality exposed.
Exposing iOS functionality could allow actions such as sending SMS messages or emails from the victim's device.
How to fix it?
Two factor authentication using a dongle, SMS or voice channel.
Oh, and basic security testing of the app would be good as well.