The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data.
http://viaforensics.com/appwatchdog/usaa-android.html
http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html