Critical KYC Compliance Defect: Santander Mobile Profile Update
Mustafo Rajaboev
Executive Summary
While managing my personal banking profile, I identified a high-severity localization bug in the Android mobile application that prevents specific user demographics from updating their citizenship status. This defect creates a potential KYC (Know Your Customer) compliance risk by blocking users from providing accurate legal data.
The Problem
The banking application requires users to keep their 'Citizenship' and 'Country of Birth' data current. However, the mobile dropdown menu fails to index specific countries (e.g., Tajikistan), creating a gap where legitimate users cannot save their profile changes.
Blocking State: User is unable to save profile due to validation error, and the search function fails to return valid country results.
Investigation & Root Cause
To confirm if this was a backend failure or a frontend UI issue, I conducted A/B testing across platforms:
Mobile App (Android): The list jumps from 'Turkey' to 'Ukraine.' Tajikistan is missing.
Desktop Web (Control): Tajikistan is present and selectable.
Conclusion
The backend data exists, but the mobile frontend list validation is improperly filtered or truncated.
Desktop Web Environment (Control): Country is correctly indexed, proving the issue is isolated to the mobile application layer.
Note on Evidence
Visual evidence was captured via external device because the application's security policy (
FLAG_SECURE) prevents native screenshots on Android. PII has been redacted for privacy.Like this project
Posted Dec 31, 2025
Identified a High-Severity Compliance Bug in the 'Personal Data' management flow on the Android app.
Likes
1
Views
0
Timeline
Nov 14, 2025 - Dec 15, 2025
