en

UNIQA: iOS App Security Assessment

Client:
Uniqa Insurance — a major international insurance company headquartered in Vienna
Industry:
Insurance
Focus:
Protection of personal and financial data in the mobile application
Main challenge:
Security testing of the iOS app to prevent data leaks and unauthorized access
Market:
Central and Eastern Europe
Services provided:
iOS app pentest, authentication, API & integration analysis
Key Takeaways
  • Improved GDPR compliance and data handling
  • Strengthened API security and authentication
  • Identified 19 vulnerabilities, including one critical issue
  • Conducted a Gray-box penetration test of the iOS app
  • Delivered a report with clear risk mitigation recommendations
  • 19
    vulnerabilities identified
    GDPR
    requirements addressed
    100%
    on-time delivery
    UNIQA: iOS App Security Assessment
    UNIQA Insurance commissioned a security audit of its iOS app to prevent leaks of personal and financial data. During a Gray-box penetration test, the Datami team identified 19 vulnerabilities and provided recommendations that helped reduce risks and improve GDPR compliance.

    Uniqa Insurance is an international insurance corporation headquartered in Vienna, operating across Central and Eastern Europe. The company actively leverages mobile apps, a website, a client portal, and online services that serve tens of thousands of clients daily.

    For UNIQA, protecting against data leaks, unauthorized access, and mobile app breaches is absolutely critical.

    Tasks and challenges
    UNIQA Insurance operates in the high-risk financial sector, processing customers’ personal and financial data while complying with ISO 27001 and GDPR standards.
    Due to the risk of data breaches and app hacks, the company initiated a scheduled security test of its iOS app, the key channel for customer interaction.
     
    • Conduct a penetration test of the iOS app, including API and backend components.
    • Analyze authentication, network traffic, and integrations with other services.
    • Identify all vulnerabilities and prepare a detailed report with recommendations.
    • Ensure compliance with GDPR and financial industry security standards.
    icon
    Perform penetration testing
    Test the iOS app for vulnerabilities
    icon
    Assess cyber protection
    Analyze risks of data leaks and account breaches
    icon
    Prepare a comprehensive report
    Describe issues and risks, provide recommendations
    Our approach

    Within the project, we performed a comprehensive security review of UNIQA’s iOS app, covering API requests, authentication, network traffic, and third-party integrations.

    The main method was a penetration test using the Gray-box approach. We combined automated scanning (Burp Suite, OWASP Mobile Testing Guide) with manual testing and custom scripts to analyze critical areas.

    This approach allowed us to identify 19 vulnerabilities, including one critical issue, and to deliver detailed technical recommendations for remediation.

    Gray-box
    Gray-box
    The team had limited access to technical information. This enabled us to simulate real-world attack scenarios from the perspective of a partially informed attacker, achieving a balance between depth and realism.
    Main project stages and decisions

    During the project, the team discovered third-party integrations that were not initially reported by the client and promptly included them in the assessment. This allowed us to cover all critical system components.

    The project was delivered in full and on time. Communication with the UNIQA team was transparent, with regular updates ensuring clarity and a quick response to any issues.

    The workflow included several key stages:

    • Preparation
      — planning, clarifying technical details, and analyzing the app’s architecture to identify risk areas.
    • iOS app penetration testing (gray-box)
      — testing APIs, authentication, network traffic, and integrations using a mix of automated and manual methods.
    • Analysis and reporting
      — compiling a detailed report on the work performed, along with recommendations to eliminate vulnerabilities and strengthen overall security.
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations
    Results and recommendations

    At the start of the project, the security level of the UNIQA mobile app was assessed as moderately risky: one high-risk and several configuration issues posed potential threats to personal and financial data. During the penetration test, the Datami team identified 19 vulnerabilities, including one critical.

    After implementing the recommendations, the system became significantly more resilient to attacks: the risk of unauthorized access was substantially reduced, the probability of data leakage was minimized, and compliance with GDPR and financial standards was improved.

    The client received clear recommendations for further strengthening cybersecurity, including:

    1. remediation of vulnerabilities;
    2. a review of authentication processes;
    3. verification of all third-party integrations.

    UNIQA not only gained a better understanding of technical risks and actionable steps for remediation but also reduced potential financial and reputational losses. All project objectives were achieved.

    Our certificates
    Key project outcomes

    Thanks to the collaboration with Datami, UNIQA Insurance received comprehensive security testing of its iOS application (19 vulnerabilities identified, including one critical) and clear recommendations for their elimination. The system became more resilient to attacks, and GDPR compliance was significantly improved.

    This cybersecurity case study proves that even large-scale companies working with sensitive data require regular penetration testing — a cornerstone of digital security that helps avoid financial, legal, and reputational risks.

    Category
    Before the project
    After implementation
    Security level
    Moderate risk
    Risk level reduced, 19 vulnerabilities found, critical fixed
    Critical vulnerabilities
    Potentially present
    1 identified and eliminated
    Account compromise
    Possible due to auth flaws
    Risk reduced after fixes
    Third-party integrations
    Not all documented
    Discovered and tested
    Security compliance
    Partial compliance
    Improved compliance with financial standards
    Timeline
    Dependent on client’s internal deadlines
    Project completed on time
    More success stories with Datami
    Browse other project case studies
    Stability and Security for Real-Time Trading

    Stability and Security for Real-Time Trading

    • Hardened two web apps and APIs against exploits and DDoS
    • Maintained full service availability
    Services:
    Black-box web app pentesting, implementation of Dataguard
    Jul 8, 2025
    Security Audit of P2P Platform for GDPR Compliance

    Security Audit of P2P Platform for GDPR Compliance

    • Prevented PII exposure and logic abuse in critical flows
    • Delivered fixes to align with GDPR and security best practices
    Services:
    Penetration testing, smart contract audit, code security review
    Jun 27, 2025
    Security Audit of Banking Web, Mobile & API Systems

    Security Audit of Banking Web, Mobile & API Systems

    • Ensured PCI DSS and ISO 27001 readiness with full-scope testing
    • Prevented DoS attack and mitigated critical vulnerabilities
    Services:
    Black-box pentest of web resources and infrastructure
    Jun 6, 2025
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    Ingram Micro confirms ransomware attack Datami Newsroom
    Datami Newsroom

    Ingram Micro confirms ransomware attack

    California-based company Ingram Micro, headquartered in Irvine, California, has reported the discovery of ransomware in its internal systems. The attackers caused a disruption in order processing.

    Jul 31, 2025 3 min
    Automation vs. Pentesters: Can AI Replace Humans? Datami Newsroom
    Datami Newsroom

    Automation vs. Pentesters: Can AI Replace Humans?

    Every year, companies are increasingly integrating automated tools into their cybersecurity processes. Automation is just one auxiliary tool that comes with both advantages and disadvantages that must be kept in mind.

    Jul 25, 2025 3 min
    Aviation and Cyber Threats: TOP Hacker Attacks on Airports and Aircraft Datami Newsroom
    Datami Newsroom

    Aviation and Cyber Threats: TOP Hacker Attacks on Airports and Aircraft

    The aviation industry is one of the most technologically advanced sectors, significantly influenced by digitalization. At the same time, this increases its vulnerability to cyber threats, which can have catastrophic consequences.

    Jul 23, 2025 3 min
    Order a free consultation
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy