Well, to answer the question in the middle of this, “How do you know whether your app is using https or not?”
The bad news is you don’t.
And there’s no way to tell which technique a mobile app on an iPad or an iPhone, or on an Android device may use to confirm that it’s using secure connections.
A while back, I was concerned with this very issue with my Google mail app which I use extensively on my portable devices.
I actually set up a scenario where I had a packet sniffer on a different computer so that I could actually watch the low-level packets go by – and I was able to confirm that the Google mail app on my Android phone (at the time) was using a secure connection to transmit data to and from my device.
I did not confirm for every possible application. It’s just not feasible to do that, but I at least wanted to make sure that that one was doing it right.
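The check described above, watching the raw packets to see whether an app's traffic is encrypted, can be partly automated by inspecting the first bytes a client sends on each connection. The following is an added example, not part of the original answer; the app names, hostnames and payloads are constructed, and `classify`, `parse_sni` and `build_client_hello` are hypothetical helper names.

```python
import struct
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

def parse_sni(hello):
    """Server name from a ClientHello body, or None if absent or truncated."""
    try:
        pos = 2 + 32                                        # client_version + random
        pos += 1 + hello[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher_suites
        pos += 1 + hello[pos]                               # compression_methods
        end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            pos += 4
            if ext_type == 0:  # server_name: list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack_from("!H", hello, pos + 3)[0]
                return hello[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def classify(payload):
    # Plaintext HTTP starts with a readable request line.
    if payload.startswith(HTTP_METHODS):
        return ("plaintext-http", payload.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    # TLS: 5-byte record header (0x16 = handshake, major version 3), then handshake type 1.
    if len(payload) >= 9 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return ("tls-client-hello", parse_sni(payload[9:]))
    return ("unknown", None)

def build_client_hello(host):  # constructed minimal ClientHello, not a real capture
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"       # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLES = {  # constructed first payloads; app names and hosts are hypothetical
    "mail-app": build_client_hello("mail.example.com"),
    "legacy-app": b"POST /login HTTP/1.1\r\nHost: api.example.com\r\n\r\nuser=a&pw=b",
    "custom-proto": b"\x00\x01\x02\x03binary",
}
for app, payload in SAMPLES.items():
    print(app, classify(payload))
```

A ClientHello only shows that the connection negotiates TLS; it says nothing about whether the app validates the server's certificate.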
By now, most banks should know to use https or an equivalent secured encrypted connection, be it in a web browser or an application.
The key words being “most” and “should.”
Does yours? I don’t know.
If they tell you that they do, can you confirm it? Not really.
So, in my case, I elect to trust my bank and assume that they are indeed using a secure connection on the application. For the bank, the negative repercussions of being found out if they weren’t using a secure connection would be significantly bad PR.
So I have to assume that they are at least scared enough of the public relations issue that they’re at least attempting to do the right thing. But is there a way for you and me to tell? Nope.