TechCrunch reports on security and privacy problems with some mobile tax apps:
As the clock ticks toward midnight, putting an end to tax day 2014, Hewlett-Packard is warning consumers of mobile tax and finance apps that they may want to audit their own usage.
Those included accessing the phone’s address book, geo-location, storing sensitive data in clear-text, not setting cookie properties securely and insecurely transmitting data.
Another 50 percent of the applications use cryptographic methods that are known to have security weaknesses like md5 or SHA1. Other flaws included image caching from a Social Security number input screen, which could expose the information to malware installed on a device. […]
“A lot of companies are looking at mobile apps as a fancy user interface, and they’re putting their protection on the back-end behind their firewall,” [said Maria Bledsoe, Senior Manager of Product Marketing at HP.] “But they’re not realizing yet that this is yet another attack vector and is an entry point for the hackers.”