“I bet you never would use an app for online banking.”

This comment might seem a little out of left field, but I received it after spending 60 minutes demonstrating all the ways I create malicious apps to rip people off via their mobile devices.

To be clear, I am not a criminal. However, after spending more than 20 years being paid to hack into organizations, physically rob secured facilities, and create new malware designed to bypass even the most sophisticated security solutions, it is no wonder that people assume I personally would have so little faith in cyber-technology.

“Actually, I do almost all my banking via mobile apps,” was my simple response.

My answer was met by surprise and confusion, so I spent the next several minutes explaining all the reasons why mobile devices are one of the biggest threats to personal banking, and yet, I still trust them enough to manage my personal finances.

First, let me be clear: I think that the security risks mobile devices present to individuals and corporations alike are astronomical. In a recent seminar, I demonstrated a mobile app that I wrote that looked like a Gmail message counter. When installed, the app would show how many unread messages were in your Gmail inbox. Not such an exciting app, but the reality was that it had far more going on behind the scenes. When the app was installed, it would send me the email address of the user who owned the phone. People often fail to realize the value of a simple email address.

As a criminal, I would then take those email addresses and visit a large number of websites such as eBay, Amazon and Paypal, and select the “Forgot Password” option. When you forget your password, these websites allow you to enter your email address, and they then send you a link via that email account to reset your password. In this case, my malicious app was designed to watch for those emails that went out to the users. When they arrived, the app would simply forward those emails to me. In addition, the app would delete the email from the user's account so the user would never see that it arrived. Armed with a copy of the email containing the link to reset the password, I simply clicked on the link, changed the password, and just like that, I had control of the account.

This is all from a simple app installed on a mobile device. Worse yet, this is just one of many malicious apps that I have written and demonstrated to hundreds of thousands of people to show them just how dangerous apps on a mobile device can get.

So why is it that a person like me, who knows first-hand just how malicious a device can be, would still consider using that device for online banking? Because knowing how bad it can be has also shown me just how secure the devices really are.

Mobile apps can be malicious, but they also have their limits. When your personal computer gets a virus, everything on your computer is compromised. On the other hand, when you install a malicious mobile app, the other apps on your device remain secure in most cases. This is the fundamental difference between the security of your personal computer and your mobile device. What this means is that the risks you face are directly related to the decisions you make when installing mobile apps. If you choose to only install apps from reputable organizations such as your financial institution, or from an official app store, and use those apps for their intended purposes, you should feel far more secure than you would be using your web browser on your personal computer to conduct online banking. While there are always risks, the simple fact is that right now, your mobile device is the more secure choice for banking online.

Jim Stickley is CEO of Stickley on Security. He can be reached at 619-797-6131 or [email protected].
