Citigroup said that the new iPhone app for its mobile banking customers had a security flaw. As you might expect, the company is reacting quickly and has said it wants its users to upgrade to a new app that fixes the flaw.

There are growing security challenges around mobile apps, and that’s why mobile security companies such as Lookout are getting a lot of attention. Citigroup said that its iPhone app accidentally saved personal account information in a hidden file on users’ iPhones. That information may have included their account numbers, bill payments, and security access codes. The user data may also have been saved to a user’s computer if they synced their iPhone with a computer. Citibank said it does not believe the data was breached.

Citibank released the new app on July 19, and that app deletes any information that may have been saved on either the iPhone or the computer. It was discovered in a routine security review, and the company notified customers of the problem on July 20. An app for credit card services was not affected. The app was launched in March 2009. It allows users to check balances, transfer funds and pay bills. (See our roundup of all Black Hat and Defcon stories).

[photo credit: business pundit]