Security researcher Nitesh Dhanjani has demonstrated a method by which malicious apps could potentially fool web surfers into thinking they are on a trusted site (like a bank website) when they are not, and the trick is tied to Apple's own API for displaying web sites within apps. The technique, called UI spoofing, hides the "genuine" URL (once loaded) and puts a "fake" URL bar on the site instead, tricking unobservant users into believing they are on a different site, or simply hiding the URL bar entirely (once loaded), preventing users from discerning what site they
