Information Security Asked on December 12, 2021
Unfortunately, I find myself serving a 14d COVID-19 self-isolation period in a hotel which only offers unsecured public WiFi.
This has me wondering if all the financial apps on my iPhone with FaceID-enabled sign-ons are secure or not (e.g. Charles Schwab, American Express, etc.)
Can anyone comment on the typical security stack that would underly this category for app? Does everything boil down to a proper implementation of TLS access to the backend?
Is there any chance that using these Apps is still secure over public WiFi?
To know whether each individual app is secure in that scenario cannot be answered without thoroughly auditing each app. But assuming they are securely using TLS for all communications, any type of local biometric authentication probably doesn't have anything to do with what traffic is sent to the server.
The application is probably already logged in to the server, possibly already sending data and synchronizing your accounts in the background, and only requests biometric authentication from the OS to check if an authorized user is holding the device. So in that light, if the app does not properly implement TLS and is already communicating with your account credentials in the background, it is already inherently insecure; whether or not you use biometrics don't contribute either way in that case.
Answered by multithr3at3d on December 12, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP