Citigroup recently notified it’s U.S. customers that there was a security flaw in their iPhone mobile banking application that may have stored customer information including account numbers, bill payments and security access codes. The customer data was being saved in a hidden file on the users’ iPhone. If the user synced their iPhone with a PC, their banking information could have also been saved to that computer as well. Citigroup said it did not believe its customers’ personal information was accessed or used inappropriately and that this only affected iPhone users in the U.S. We commend Citigroup for staying on top of the problem, getting a fix out and appropriately notifying users. The Wall Street Journal first reported the news in an article today on Citigroup’s mobile banking iPhone app.

If you are a Citibank customer and have used the iPhone app, you should:

1. Upgrade to the new version of their iPhone software
2. Change your banking password
3. Double check your bank account for any unusual behavior

This is only the beginning of a trend we’ve started to see with developers inadvertently exposing sensitive data. Mobile apps can expose more information than people realize.

Today’s news is very timely, as Lookout security researchers get ready to discuss security flaws of mobile apps at the Black Hat conference this week. More news to come, so stay tuned.

Our team is gearing up to speak at the annual Black Hat Technical Security Conference next week in Las Vegas. As a regular at this conference, the one big thing we’ve noticed is that new for this year, mobile is big. With over six dedicated talks on mobile security, this is more than any previous conference. We are excited to be giving two talks on mobile security here.

We’ve got new and interesting data to reveal that we haven’t yet announced, so stay tuned for more details.

These Aren’t the Permissions You’re Looking For

When: Wednesday, July 28 1:45 – 3:00 pm
Speakers: Anthony Lineberry, David Luke Richardson, Timothy Wyatt

App Attack: Surviving the Mobile Application Explosion

When: Wednesday, July 28 4:45 – 6:00 pm
Speakers: John Hering, Kevin Mahaffey

Hope to see you at the show!

Introducing the Lookout Super User Story of the Month

We have received an overwhelming number of stories from our users telling us how Lookout has protected their smartphone. To honor you, our best users, we have developed a new program for our blog to highlight one Lookout “Super User” a month. If you’ve got a great story to share with us, please email us at superusers-at-mylookout.com. So without further ado, we are proud to present our first  “Lookout Super User of the Month,” Sara Dellabella.

Lookout Super User Story: Sara Dellabella

Photo sent from Sara’s Motorola Droid

Name: Sara Dellabella

Occupation: Car Saleswoman at Runde Auto Group

Location: Cuba City, Wisconsin

Lookout User Since: January 2010

Device Type: Motorola Droid

Favorite Lookout Feature: Antivirus & Data Backup

What do you use your phone for?

Everything! Videos, pictures and web browsing for both professional and personal use.

What are some other apps that you can’t live without?

Pandora, eBay

How Sara Found Lookout

Sara originally came across the Lookout application when she was browsing apps in the Android Market. She read through the reviews and saw that we had a Five-Star rating, so she decided to download Lookout and give it a try.

What Sara Loves About Lookout

Initially the data backup feature was what intrigued Sara about Lookout because she stores everything on her phone from to-do lists, photos and contacts, to passwords and banking information. The other feature that she liked was the Antivirus. Sara’s 8-year-old son, Dylan, loves to download and play games on her Motorola Droid. Because she’s not always sure what Dylan is downloading, it gives her peace of mind to know that Lookout scanning every application that he gets a hold of.

How Lookout Saved the Day

Previously Sara didn’t have Lookout running on her Droid and within a week of getting the new phone, her son Dylan had downloaded a bad game, crashing her phone and causing her to lose all of her data – pictures, contacts, passwords and more! Based on that experience she was quick to download Lookout onto her new phone.  So far, Lookout has quarantined six bad apps, saving her from the headache of getting a new phone or losing her valuable data.

Moral of the Story

“Always have Lookout on your phone, it is the best app I have seen in the Android Market.  It’s one simple thing to keep you protected!”

– Sara Dellabella

Do you have a story to share?

Big thanks to Sara for sharing her awesome story with us. Do you have a super story to share about Lookout? Has Lookout helped you find your lost phone in a trash can, catch a thief or protected you from downloading a bad app? If so, we would love to hear from you! Send your mobile memoir to superusers-at-mylookout.com. If we select your story, you will receive an exclusive Lookout Super User t-shirt and get featured on our blog. Start sending those stories in!

We are very excited and honored to be recognized as the Best Android Application award at the Gettie Awards ceremony last night. Hosted by Getjar, the first ever Gettie Awards recognized the best in mobile applications across all platforms. Over 7,000 apps were nominated, and we feel very lucky to be in such great company of amazing mobile apps.

Every day users tell us how Lookout has saved their most important data, helped them feel safe as they download apps, and find their lost phone quickly. We never get tired of hearing these great user stories, and now with over 1 million users, protecting our users is more important to us than ever.

Thanks for supporting Lookout and keep the great feedback coming!

Lookout CEO, John Hering, making his acceptance speech after winning Best Android App.

Today the Register released an article detailing how 50 people were arrested in Romania for using an application called FlexiSPY to spy, for political or economic purposes, on other Romanian citizens. While these kinds of spying tools are not new, smartphones give these tools a new platform to collect information that is much more personal than what they have been able to collect before. Personal location, calls, sms messages, even live conversations can all be tracked by this kind of “surveillance-ware” application. We have seen an increasing number of these applications in market and often our users don’t know how these applications were placed on their phones.

In order to install this kind of application, someone needs to have access to your phone. So in terms of preventative measures, keep an eye on your phone, use a password and install some protection to catch such applications if they do make it on to your phone.

It’s amazing to think that not long ago we had around 10,000 dedicated users testing Lookout and today I am proud to announce that Lookout is now over 1 million users strong and growing faster every day. This is a truly exciting time to be a mobile user. Devices are more powerful than ever, innovation of mobile applications is rapidly evolving, and we are on the dawn of 4G network proliferation – the dream of the internet everywhere is truly becoming a reality.

While this is an important milestone, we a’re even more excited to see how our users are protected by Lookout. Everyday we are blocking mobile malware, restoring lost data and finding lost and stolen phones.  In fact, just over the past 6 months, Lookout has:

• Found more than 130,000 lost or stolen phones
• Backed-up over 87 million photos
• Backed-up over 300 million contacts
• Saved users over 85,000 hours by restoring millions of contacts and photos to new or replacement phones

We’’re proud to have reached this achievement and we very much owe our success to to our users. It is you, our users, who have downloaded our application and provided us with ongoing feedback to improve our product and service.  Please keep all of the great feedback coming. We look forward to continuing to build the best products imaginable to keep you safe while using your mobile phone.

It is amazing to think how quickly the next million Lookout users will come and how excited we are preparing for the next hundred million. To all our amazing users: Thank you. We fight for you.

John Hering

Founder / CEO

The recent iPad breach has drawn serious attention to the imminent threats surrounding mobile devices. Friday June 18, Lookout CEO John Hering appeared on Rafe Needleman’s Reporters’ Roundtable Segment to give his expert opinion on mobile security. Joined also by Elinor Mills, CNET News Security Reporter, this Roundtable was focused on the issue of mobile device security and the rising concerns surrounding the safety of cellular networks.

For more on this video, visit the CNET website.

There is no silver bullet when it comes to security and there is no mobile platform that is immune to security risks. As we wrote in a TechCrunch update to the recent iPad breach, more personal data was potentially at risk than initially reported. This incident is just a reminder that no mobile platform is immune to security risks. Your mobile device has a tremendous amount of personal information and, in the increasingly networked world of mobile, both carriers and third-party web services have access to this data and often more.

As mobile devices become more sophisticated and access even more personal data, there’s an increasing incentive for cybercriminals to attack. The mobile device is much more exposed than the traditional PC. Threats can come from all directions, targeting the device directly over SMS, Bluetooth, Wi-Fi, web browsers, apps, and e-mail.

We expect to see a lot more attention paid to this in the near future – our data shows that there was a doubling of threats to smartphones between December and April of this year alone. With the increase of smartphones and our ongoing dependency on them in our daily life, it’s no surprise that there will be a stronger focus to protect them.

Tonight NBC news featured Lookout and our CEO John Hering as they discussed how to secure your mobile phone against the viruses, malware, loss and theft. Noting that Lookout is one of the top ten most popular apps downloaded on BlackBerry devices today, the segment demonstrated how consumers can block viruses, back up data and easily find a missing phone using Lookout. Check out the video below!

In the first few months of 2010, we at Lookout saw a noteworthy shift occurring. Mobile malware and spyware are becoming increasingly prevalent, as a Wall Street Journal article, “Dark Side of Phone Apps” reported today.

At the same time, an article in Slate referred to the “End of Malware.” While new operating systems like Android, Chrome and iPhone may be an improvement over the Windows desktop of the past, our data tells us that malware is alive and well on the smartphone. It could be the end of malware on the desktop, but it it is just the beginning for malware on the smartphone.

Across our installed base, we’ve gone from seeing 4 pieces of malware and spyware per 100 phones per year in December 2009 to 9 per 100 phones per year in May 2010. That’s more than double the prevalence of malware and spyware on smartphones in less than 6 months.

With the rate at which smartphones are growing, and with the number of apps being downloaded projecting to reach 50 billion, it is no wonder that malware is also increasing. Hackers are also waking up to the fact that people are doing more with their smartphone: downloading apps, using their phone for mobile banking and payments, and storing more personal data on their phones than ever before. Smartphones are now a lucrative target for hackers.

As always, we recommend keeping your smartphone protected by downloading a mobile security app like Lookout. If you love your smartphone, set it free… from malware that is.

Click to enlarge image