Dear Ad,

First of all, it would be important to know what your specific concerns are here.

Let me list some security aspects of the solution:

1) As recommended, a SSL encryption is used for the mobile session including login. All data/communication gets fully encrypted and is thereby considered to be safe (state of the art). SSL is supposed to prevent that data can be read or tampered. To my best knowledge, most online banking services have the same approach

2) The network firewall has to be configured strictly indeed - allowing only external access to the particular hostname / IP-address / server port

3) Any URLs pointing to the B1i server have a secured access

This solution has been developed, checked and delivered in line with all relevant SAP'S security standards.

You can also find information on security aspects in Administratoru2019s Guide for the Integration Component.

Pishing in this context is not that relevant, thanks to the distribution model of Apple and the App capsulation

In order to fulfill higher security needs you'd follow these recommendations on top:

a) Use VPN (I've just seen )

b) Depending on chosen firewall, restrict URLs according to the specific URL pattern

Due to customer-specific requirements and conditions, naturally we cannot cover all possible security aspects. In this respect we cannot replace a holistic Network Security Consulting.

Hope this helps,

regards, peter