There is a really good talk about some vulnerabilities found in the N26 banking app presented at the CCC congress this year.
<amp-iframe width="1024” height="360” sandbox="allow-scripts allow-popups” layout="responsive” frameborder="0"src="https://media.ccc.de/v/33c3-7969-shut_up_and_take_my_money/oembed” allowfullscreen>
The talk is worth a watch but it does highlight some key points
No Certificate Pinning was being used that made it easy for the research to MITM the app that’s not to say Cert Pinning fixes all issues but doing it makes things a lot harder for attackers.
Read more →