Is Your Banking App Secure?

Last week I was in Malta for Financial Cryptography and Data Security 2017 to present my recent work on securing the PKCS#11 cryptographic API. One talk that stood out for me was by researchers from the University of Birmingham, who looked for vulnerabilities in the mobile apps provided by major UK banks. Sadly, they found major weaknesses in apps from 5 of the 15 banks they investigated. Several apps use certificate pinning , where the app hard-codes a certificate from a trusted CA and only acc