“A few months ago, Citibank (C) notified users of its iPhone mobile app of a potentially huge boo-boo it had made.
The app was saving personal user identification info in a hidden file on the iPhone. The file was completely unprotected, and would sync to the phone owner’s computer when the iPhone was plugged in. Basically, if you knew where to look, you could get all the information you needed to access someone’s bank account, care of the bank itself.”