Case Study UNIQA Insurance: Cybersecurity Testing of the Insurance Company’s iOS App

Client: Uniqa Insurance — a major international insurance company headquartered in Vienna
Industry: Insurance
Focus: Protection of personal and financial data in the mobile application
Main challenge: Security testing of the iOS app to prevent data leaks and unauthorized access
Market: Central and Eastern Europe
Services provided: Mobile app (iOS) penetration testing, authentication analysis, API review, network traffic inspection, and integration testing.

Key Takeaways
  • Conducted a Gray-box penetration test of the iOS app
  • Audited critical components: API, authentication, and integrations
  • Identified 19 vulnerabilities, including one critical issue
  • Delivered a report with clear risk mitigation recommendations
  • Improved security level and GDPR compliance
  • 19 vulnerabilities identified
  • GDPR requirements addressed
  • 100% on-time delivery

    UNIQA Insurance commissioned a security audit of its iOS app to prevent leaks of personal and financial data. During a Gray-box penetration test, the Datami team identified 19 vulnerabilities and provided recommendations that helped reduce risks and improve GDPR compliance.

    Uniqa Insurance is an international insurance corporation headquartered in Vienna, operating across Central and Eastern Europe. The company actively leverages mobile apps, a website, a client portal, and online services that serve tens of thousands of clients daily.

    For UNIQA, protecting against data leaks, unauthorized access, and mobile app breaches is absolutely critical.

    Tasks and challenges
    UNIQA Insurance operates in the high-risk financial sector, processing customers’ personal and financial data while complying with ISO 27001 and GDPR standards.
    Due to the risk of data breaches and app hacks, the company initiated a scheduled security test of its iOS app, the key channel for customer interaction.
     
    • Conduct a penetration test of the iOS app, including API and backend components.
    • Analyze authentication, network traffic, and integrations with other services.
    • Identify all vulnerabilities and prepare a detailed report with recommendations.
    • Ensure compliance with GDPR and financial industry security standards.

    • Perform penetration testing: test the iOS app for vulnerabilities
    • Assess cyber protection: analyze risks of data leaks and account breaches
    • Prepare a comprehensive report: describe issues and risks, provide recommendations

    Our approach

    Within the project, we performed a comprehensive security review of UNIQA’s iOS app, covering API requests, authentication, network traffic, and third-party integrations.

    The main method was a penetration test using the Gray-box approach. We combined automated scanning (Burp Suite, OWASP Mobile Testing Guide) with manual testing and custom scripts to analyze critical areas.

    This approach allowed us to identify 19 vulnerabilities, including one critical issue, and to deliver detailed technical recommendations for remediation.

    Gray-box
    The team had limited access to technical information. This enabled us to simulate real-world attack scenarios from the perspective of a partially informed attacker, achieving a balance between depth and realism.
    Main project stages and decisions

    During the project, the team discovered third-party integrations that were not initially reported by the client and promptly included them in the assessment. This allowed us to cover all critical system components.

    The project was delivered in full and on time. Communication with the UNIQA team was transparent, with regular updates ensuring clarity and a quick response to any issues.

    The workflow included several key stages:

    • Preparation: planning, clarifying technical details, and analyzing the app’s architecture to identify risk areas.
    • iOS app penetration testing (gray-box): testing APIs, authentication, network traffic, and integrations using a mix of automated and manual methods.
    • Analysis and reporting: compiling a detailed report on the work performed, along with recommendations to eliminate vulnerabilities and strengthen overall security.

    Results and recommendations

    At the start of the project, the security level of the UNIQA mobile app was assessed as moderately risky: one high-risk issue and several configuration issues posed potential threats to personal and financial data. During the penetration test, the Datami team identified 19 vulnerabilities, including one critical.

    After implementing the recommendations, the system became significantly more resilient to attacks: the risk of unauthorized access was substantially reduced, the probability of data leakage was minimized, and compliance with GDPR and financial standards was improved.

    The client received clear recommendations for further strengthening cybersecurity, including:

    1. remediation of vulnerabilities;
    2. a review of authentication processes;
    3. verification of all third-party integrations.

    UNIQA not only gained a better understanding of technical risks and actionable steps for remediation but also reduced potential financial and reputational losses. All project objectives were achieved.

    Key project outcomes

    Thanks to the collaboration with Datami, UNIQA Insurance received comprehensive security testing of its iOS application (19 vulnerabilities identified, including one critical) and clear recommendations for their elimination. The system became more resilient to attacks, and GDPR compliance was significantly improved.

    This cybersecurity case study proves that even large-scale companies working with sensitive data require regular penetration testing — a cornerstone of digital security that helps avoid financial, legal, and reputational risks.

    | Category | Before the project | After implementation |
    |---|---|---|
    | Security level | Moderate risk | Risk level reduced, 19 vulnerabilities found, critical fixed |
    | Critical vulnerabilities | Potentially present | 1 identified and eliminated |
    | Account compromise | Possible due to auth flaws | Risk reduced after fixes |
    | Third-party integrations | Not all documented | Discovered and tested |
    | Security compliance | Partial compliance | Improved compliance with financial standards |
    | Timeline | Dependent on client’s internal deadlines | Project completed on time |