(929) 590-5818 [email protected]
en
en

UNIQA: iOS App Security Assessment

Client:
Uniqa Insurance — a major international insurance company headquartered in Vienna
Industry:
Insurance
Focus:
Protection of personal and financial data in the mobile application
Main challenge:
Security testing of the iOS app to prevent data leaks and unauthorized access
Market:
Central and Eastern Europe
Services provided:
iOS app pentest, authentication, API & integration analysis
Key Takeaways
  • Improved GDPR compliance and data handling
  • Strengthened API security and authentication
  • Identified 19 vulnerabilities, including one critical issue
  • Conducted a Gray-box penetration test of the iOS app
  • Delivered a report with clear risk mitigation recommendations
    • 19
    vulnerabilities identified
    GDPR
    requirements addressed
    100%
    on-time delivery
    UNIQA: iOS App Security Assessment
    Dec 20, 2024
    14 min
    UNIQA Insurance commissioned a security audit of its iOS app to prevent leaks of personal and financial data. During a Gray-box penetration test, the Datami team identified 19 vulnerabilities and provided recommendations that helped reduce risks and improve GDPR compliance.

    Uniqa Insurance is an international insurance corporation headquartered in Vienna, operating across Central and Eastern Europe. The company actively leverages mobile apps, a website, a client portal, and online services that serve tens of thousands of clients daily.

    For UNIQA, protecting against data leaks, unauthorized access, and mobile app breaches is absolutely critical.

    Tasks and challenges
    UNIQA Insurance operates in the high-risk financial sector, processing customers’ personal and financial data while complying with ISO 27001 and GDPR standards.
    Due to the risk of data breaches and app hacks, the company initiated a scheduled security test of its iOS app, the key channel for customer interaction.
     
    • Conduct a penetration test of the iOS app, including API and backend components.
    • Analyze authentication, network traffic, and integrations with other services.
    • Identify all vulnerabilities and prepare a detailed report with recommendations.
    • Ensure compliance with GDPR and financial industry security standards.
    icon
    Perform penetration testing
    Test the iOS app for vulnerabilities
    icon
    Assess cyber protection
    Analyze risks of data leaks and account breaches
    icon
    Prepare a comprehensive report
    Describe issues and risks, provide recommendations
    Datami’s methodology for UNIQA Insurance security testing
    Our approach

    Within the project, we performed a comprehensive security review of UNIQA’s iOS app, covering API requests, authentication, network traffic, and third-party integrations.

    The main method was a penetration test using the Gray-box approach. We combined automated scanning (Burp Suite, OWASP Mobile Testing Guide) with manual testing and custom scripts to analyze critical areas.

    This approach allowed us to identify 19 vulnerabilities, including one critical issue, and to deliver detailed technical recommendations for remediation.

    Gray-box
    Gray-box
    The team had limited access to technical information. This enabled us to simulate real-world attack scenarios from the perspective of a partially informed attacker, achieving a balance between depth and realism.
    Main project stages and decisions

    During the project, the team discovered third-party integrations that were not initially reported by the client and promptly included them in the assessment. This allowed us to cover all critical system components.

    The project was delivered in full and on time. Communication with the UNIQA team was transparent, with regular updates ensuring clarity and a quick response to any issues.

    The workflow included several key stages:

    • Preparation
      — planning, clarifying technical details, and analyzing the app’s architecture to identify risk areas.
    • iOS app penetration testing (gray-box)
      — testing APIs, authentication, network traffic, and integrations using a mix of automated and manual methods.
    • Analysis and reporting
      — compiling a detailed report on the work performed, along with recommendations to eliminate vulnerabilities and strengthen overall security.
    Cybersecurity starts with action
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations
    Fewer critical risks — more confidence
    Results and recommendations

    At the start of the project, the security level of the UNIQA mobile app was assessed as moderately risky: one high-risk and several configuration issues posed potential threats to personal and financial data. During the penetration test, the Datami team identified 19 vulnerabilities, including one critical.

    After implementing the recommendations, the system became significantly more resilient to attacks: the risk of unauthorized access was substantially reduced, the probability of data leakage was minimized, and compliance with GDPR and financial standards was improved.

    The client received clear recommendations for further strengthening cybersecurity, including:

    1. remediation of vulnerabilities;
    2. a review of authentication processes;
    3. verification of all third-party integrations.

    UNIQA not only gained a better understanding of technical risks and actionable steps for remediation but also reduced potential financial and reputational losses. All project objectives were achieved.

    Our certificates
    Key project outcomes

    Thanks to the collaboration with Datami, UNIQA Insurance received comprehensive security testing of its iOS application (19 vulnerabilities identified, including one critical) and clear recommendations for their elimination. The system became more resilient to attacks, and GDPR compliance was significantly improved.

    This cybersecurity case study proves that even large-scale companies working with sensitive data require regular penetration testing — a cornerstone of digital security that helps avoid financial, legal, and reputational risks.

    Category
    Before the project
    After implementation
    Security level
    Moderate risk
    Risk level reduced, 19 vulnerabilities found, critical fixed
    Critical vulnerabilities
    Potentially present
    1 identified and eliminated
    Account compromise
    Possible due to auth flaws
    Risk reduced after fixes
    Third-party integrations
    Not all documented
    Discovered and tested
    Security compliance
    Partial compliance
    Improved compliance with financial standards
    Timeline
    Dependent on client’s internal deadlines
    Project completed on time
    More success stories with Datami
    Browse other project case studies
    Mobile App Security Outstaff Audit

    Mobile App Security Outstaff Audit

    • Identified dangerous configurations and data leaks
    • Strengthened security before product launch
    Services:
     
    Nov 20, 2025
    Security Policy Audit for a Fintech Company

    Security Policy Audit for a Fintech Company

    • Seven key cybersecurity policies were reviewed and assessed
    • Regulations aligned with ISO 27001, DORA, GDPR, and NBG
    Services:
    Security policy and compliance audit
    Nov 20, 2025
    Security Testing of the DonorUA Medical Platform

    Security Testing of the DonorUA Medical Platform

    • A report with recommendations for strengthening security was provided.
    • No critical security threats were confirmed.
    Services:
    Web application pentest (Black-box)
    Nov 18, 2025
    Back to all cases
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    Modern Phishing Campaigns Use PDF Files for Attacks Datami Newsroom
    Datami Newsroom

    Modern Phishing Campaigns Use PDF Files for Attacks

    Next-generation phishing campaigns disguise themselves as well-known brands and use artificial intelligence to mislead users. In 2025, companies face a wave of sophisticated attacks that are changing cybersecurity rules.

    Nov 24, 2025 3 min
    KillSec Ransomware Attacks Healthcare Datami Newsroom
    Datami Newsroom

    KillSec Ransomware Attacks Healthcare

    The hacker group KillSec has recently been actively attacking the IT systems of the healthcare sector in Latin America and other countries — the attackers have already stolen dozens of gigabytes and nearly 95,000 files.

    Nov 18, 2025
    Datami at MERGE Madrid and EBC 25 Datami Newsroom
    Datami Newsroom

    Datami at MERGE Madrid and EBC 25

    The Datami team attended MERGE Madrid and the European Blockchain Convention 2025 to share their expertise and witness how Web3 is evolving. This year, the focus shifted toward real-world solutions – security, auditing, and transparent standards.

    Nov 13, 2025 3 min
    Show all articles
    Order a free consultation
    By submitting this form, I confirm that I have read and agree to the Privacy policy
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy