Citibank says iPhone app has security flaw

Stories like this are why I still have not got up the nerve to do banking, or even credit card transactions, on my phone

Shouldn't this be a non-issue if you choose to encrypt your iPhone backup? I'm not a programmer, but could Citibank have the app encrypt whatever information it needed to be stored locally?

Yep, got one of those letters as well. I tend to check the App store for updates on a daily basis.

I suppose its a good thing it never worked!

Perhaps Apple should have pulled the killswitch on the original app - if ever there was a potential justifiable reason to use it, I'd say something like this could be it.

Once it's gone, reinstall via Appstore (which results in the new version being installed), and problem solved. Relying on people to update it manually is a recipe for disaster, especially now that they've made this flaw public knowledge - I know people who don't update their apps for months at a time!

iTunes checks for updates frequently and tells you upgrades are available. You then download and they update automatically when you next sync. Forcing a mandatory upgrade is never good idea, it opens the door to all kinds of problems because the user can't control exactly when they upgrade and in and of itself could also be abused.

And there's a warning on each download telling you what is is in the upgrade. Maybe iTunes could flash a warning stating there are high priority upgrades, but don't shove things down people's throats. Everyone is responsible for their own security.

Does the iPhone SDK have a way of implementing mandatory upgrades? I imagine it would be easy, especially for an online app (check a URL for latest version, if current doesn't match then refuse to run) but it seems like something that would be very convenient if built into the SDK (could be set as a true/false in Info.plist).