User Data Security in Financial App is Lax

What is the state of user data security in the Apple App Store?  I was shocked to find that it is not up to 2020 snuff.  I've been evaluating lots of stock market trading and portfolio tracking apps and web sites over the past weeks.  And now I've discovered I need to add a data security probe to the criteria for each app.

I had assumed that an app in the Apple store would need to pass some (unknown to me) form of data security to be allowed in the App Store.  I wonder if I'm just naive and there is no requirement and no review.  Perhaps if I lived in the EU I would have the GDPR to rely upon.  But not here in the good ol' USA.

I installed the Stocks Tracker Real-Time Stocks app by Dajax LLC on my iPhone.  I entered several of my stock transactions and tested some of its features.  One feature I'm particularly interested in is the ability to plot my personal buy/sell transactions on the stock's price graph.

It seems to me that this feature of plotting my actual buy and sell of a stock would be a no-brainer for most every portfolio stock market tool.  Yet it is astonishingly missing in almost all apps and web sites.  I'm ... pondering ... why....

I'm also testing the products for the ability to import a CSV file of transactions from my various banks and trading brokerage houses.  I do not want to enter hundreds of transactions by hand.

In this ad-hoc process of testing many apps, I forgot or fat-fingered a password and needed to reset the credential to access the StocksTracker Real-Time app.  So I found a "Forget Password?" link on the app (note the poor word choice is theirs).  I got an email in short order.  But reading it, I was SHOCKED!  There in clear text, in black and white, was my super-secret password.  Here let me show you ... (after mocking up a non-secure password for this demo)...

So dear reader, when we find a company that is not meeting our data privacy needs... what recourse do we have?  What can we do about such poor behaviors?  I searched for Apple's App Store reporting for security/data issues but could not find any place to report this type of failure.  So I sent it to Apple in general.

Do you have a reasonable belief and assurance that an app from a trusted site (Apple's App Store) would have 21st C. practices with respect to data and passwords?

See Also:

"Cleartext passwords, and worse found among top 21 financial trading apps" by Robert Abel, 2017