en

UNIQA: iOS App Security Assessment

Client:
Uniqa Insurance — a major international insurance company headquartered in Vienna
Industry:
Insurance
Focus:
Protection of personal and financial data in the mobile application
Main challenge:
Security testing of the iOS app to prevent data leaks and unauthorized access
Market:
Central and Eastern Europe
Services provided:
iOS app pentest, authentication, API & integration analysis
Key Takeaways
  • Improved GDPR compliance and data handling
  • Strengthened API security and authentication
  • Identified 19 vulnerabilities, including one critical issue
  • Conducted a Gray-box penetration test of the iOS app
  • Delivered a report with clear risk mitigation recommendations
  • 19
    vulnerabilities identified
    GDPR
    requirements addressed
    100%
    on-time delivery
    UNIQA: iOS App Security Assessment
    UNIQA Insurance commissioned a security audit of its iOS app to prevent leaks of personal and financial data. During a Gray-box penetration test, the Datami team identified 19 vulnerabilities and provided recommendations that helped reduce risks and improve GDPR compliance.

    Uniqa Insurance is an international insurance corporation headquartered in Vienna, operating across Central and Eastern Europe. The company actively leverages mobile apps, a website, a client portal, and online services that serve tens of thousands of clients daily.

    For UNIQA, protecting against data leaks, unauthorized access, and mobile app breaches is absolutely critical.

    Tasks and challenges
    UNIQA Insurance operates in the high-risk financial sector, processing customers’ personal and financial data while complying with ISO 27001 and GDPR standards.
    Due to the risk of data breaches and app hacks, the company initiated a scheduled security test of its iOS app, the key channel for customer interaction.
     
    • Conduct a penetration test of the iOS app, including API and backend components.
    • Analyze authentication, network traffic, and integrations with other services.
    • Identify all vulnerabilities and prepare a detailed report with recommendations.
    • Ensure compliance with GDPR and financial industry security standards.
    icon
    Perform penetration testing
    Test the iOS app for vulnerabilities
    icon
    Assess cyber protection
    Analyze risks of data leaks and account breaches
    icon
    Prepare a comprehensive report
    Describe issues and risks, provide recommendations
    Our approach

    Within the project, we performed a comprehensive security review of UNIQA’s iOS app, covering API requests, authentication, network traffic, and third-party integrations.

    The main method was a penetration test using the Gray-box approach. We combined automated scanning (Burp Suite, OWASP Mobile Testing Guide) with manual testing and custom scripts to analyze critical areas.

    This approach allowed us to identify 19 vulnerabilities, including one critical issue, and to deliver detailed technical recommendations for remediation.

    Gray-box
    Gray-box
    The team had limited access to technical information. This enabled us to simulate real-world attack scenarios from the perspective of a partially informed attacker, achieving a balance between depth and realism.
    Main project stages and decisions

    During the project, the team discovered third-party integrations that were not initially reported by the client and promptly included them in the assessment. This allowed us to cover all critical system components.

    The project was delivered in full and on time. Communication with the UNIQA team was transparent, with regular updates ensuring clarity and a quick response to any issues.

    The workflow included several key stages:

    • Preparation
      — planning, clarifying technical details, and analyzing the app’s architecture to identify risk areas.
    • iOS app penetration testing (gray-box)
      — testing APIs, authentication, network traffic, and integrations using a mix of automated and manual methods.
    • Analysis and reporting
      — compiling a detailed report on the work performed, along with recommendations to eliminate vulnerabilities and strengthen overall security.
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations
    Results and recommendations

    At the start of the project, the security level of the UNIQA mobile app was assessed as moderately risky: one high-risk and several configuration issues posed potential threats to personal and financial data. During the penetration test, the Datami team identified 19 vulnerabilities, including one critical.

    After implementing the recommendations, the system became significantly more resilient to attacks: the risk of unauthorized access was substantially reduced, the probability of data leakage was minimized, and compliance with GDPR and financial standards was improved.

    The client received clear recommendations for further strengthening cybersecurity, including:

    1. remediation of vulnerabilities;
    2. a review of authentication processes;
    3. verification of all third-party integrations.

    UNIQA not only gained a better understanding of technical risks and actionable steps for remediation but also reduced potential financial and reputational losses. All project objectives were achieved.

    Our certificates
    Key project outcomes

    Thanks to the collaboration with Datami, UNIQA Insurance received comprehensive security testing of its iOS application (19 vulnerabilities identified, including one critical) and clear recommendations for their elimination. The system became more resilient to attacks, and GDPR compliance was significantly improved.

    This cybersecurity case study proves that even large-scale companies working with sensitive data require regular penetration testing — a cornerstone of digital security that helps avoid financial, legal, and reputational risks.

    Category
    Before the project
    After implementation
    Security level
    Moderate risk
    Risk level reduced, 19 vulnerabilities found, critical fixed
    Critical vulnerabilities
    Potentially present
    1 identified and eliminated
    Account compromise
    Possible due to auth flaws
    Risk reduced after fixes
    Third-party integrations
    Not all documented
    Discovered and tested
    Security compliance
    Partial compliance
    Improved compliance with financial standards
    Timeline
    Dependent on client’s internal deadlines
    Project completed on time
    More success stories with Datami
    Browse other project case studies
    DDoS Protection and 24/7 Cyber Monitoring

    DDoS Protection and 24/7 Cyber Monitoring

    • Implemented the DataGuard solution based on Cloudflare to protect the website
    • Established reliable protection against DDoS attacks and bot traffic
    Services:
    Implementation of DataGuard and Cloudflare, 24/7 monitoring
    Aug 8, 2025
    Website Protection from DDoS Attacks

    Website Protection from DDoS Attacks

    • Implemented the DataGuard solution for website protection
    • DDoS protection deployed within 3 days
    Services:
    Website protection with DataGuard (Cloudflare), continuous monitoring, Cloudflare infrastructure management
    Aug 8, 2025
    Protection of E-commerce Websites From DDoS via DataGuard

    Protection of E-commerce Websites From DDoS via DataGuard

    • Implemented DataGuard to protect from DDoS attacks
    • Enabled rapid incident response
    Services:
    24/7 cybersecurity monitoring, integration with Cloudflare
     
    Aug 7, 2025
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    Fraudulent Applications in the Firefox Browser Datami Newsroom
    Datami Newsroom

    Fraudulent Applications in the Firefox Browser

    More than 40 fraudulent programs have been identified in the Mozilla Firefox browser. These extensions mimic legitimate wallet tools from popular platforms. The large-scale campaign has been ongoing since April 2025.

    Aug 22, 2025 3 min
    Large-Scale Fraudulent Operations on Android Datami Newsroom
    Datami Newsroom

    Large-Scale Fraudulent Operations on Android

    According to recent data, applications were discovered that loaded out-of-context ads onto users’ screens. The applications have already been removed by Google from the Play Store. The peak activity exceeded 1.2 billion requests per day.

    Aug 22, 2025 3 min
    Cybersecurity in Space: How NASA’s “Pink Book” Was Created Datami Newsroom
    Datami Newsroom

    Cybersecurity in Space: How NASA’s “Pink Book” Was Created

    In the space industry, there is a document called the “Pink Book” known to everyone who works in security. It is NASA’s internal cybersecurity standard created by the legendary Rich Owen. Its principles still shape the rules of the game in cybersecurity.

    Aug 20, 2025 1 min
    Order a free consultation
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy