By ALEKSANDRA TODOROVA
Mobile banking once entailed little beyond the ability to receive a text message with your account balance. But these days, it's finally starting to live up to its name. Virtually every large bank and many regional banks and credit unions have rolled out applications that allow their clients to use a mobile phone for fund transfers, bill payments and even depositing checks.
But with the increasing popularity and convenience of mobile-banking apps comes a big caveat: the risk of downloading and installing a fraudulent application that could draw your account information and, potentially, any other data stored on your mobile device. In other words, the next generation of phishing scams is about to explode and it has the potential to do much more damage than earlier versions.
The trend is still in its infancy, but there have already been instances of potential fraud. In December, Google pulled 50 applications from its Android Market in response to concerns that they may be malicious. All apps were uploaded by the same developer and claimed to offer access to bank accounts from a wide variety of institutions, from big names like JP Morgan Chase, HSBC Holdings, US Bank, USAA and ING Groep to local credit unions.
"Smartphones are extremely prolific right now and there is opportunity there for criminals to be seeding stores with applications intended to capture personal information," says Nick Holland, a senior analyst at market-research firm Aite Group. "We're on the tip of an explosion in terms of bad apps." Even more worrisome, fraudulent apps may be more difficult to spot than was the case with the fake web sites used by phishing scammers. An unusual web address, or URL, could easily flag a web site as fake, but that's not the case with smartphone applications. And the fact that an application is available through an app store gives it an aura of credibility, says Holland.
Google declined to comment on the incident and it isn't known just how many consumers have downloaded those apps. Scott Moeller, the chief executive officer of mShift, a company that develops applications for around 200 banks and credit unions, estimates that number to be below 1,000. (At least one of mShift's clients was among the affected institutions.) The apps were priced in U.K. pounds (at £0.99 each), which must have kept U.S. consumers at bay, Moeller says. That would probably not have been the case if they had been free or priced in U.S. dollars. "There's a yearning for mobile applications," Moeller says. "You could put out 50 apps at once and people would start downloading them immediately."
The issue has already gotten the attention of banks' fraud departments, which are charged with monitoring for such incidents and warning their customers. And it works both ways: Sometimes it's the customers who flag potential fraud. Paul Berry, a spokesman for USAA, says the bank found out about the December Android incident almost immediately from a bank member. "We have a fraud department that covers the vast range of banking fraud and insurance fraud and we have members who'll call us and let us know," he says.
Companies that own the application marketplaces say they too are on the watch for fraudulent apps. At Apple (AAPL),
Google's Android Market, meanwhile, is considered more open than the App Store and relies on its community to flag fraudulent applications, says Moeller. While Google removes apps that violate its policy, that's only after they have appeared on the company's marketplace, where they could have been downloaded and installed by customers.
"The Android Market Content Policy clearly states that we do not allow applications on Android Market to identify themselves with third-party marks without permission," said a Google spokeswoman. "If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."
There are a few steps consumers can take to avoid this new type of fraud. You could download your bank's application through its own web site. A legitimate application will require you to go through an authentication process to register your phone and create an original username and password, says Emmett Higdon, a senior analyst with Forrester Research who covers online and mobile financial services.
Alternatively, you could use your phone's browser to link directly with your bank's web site, instead of downloading an application, says Moeller.
Ultimately, it will be up to the banks and wireless companies to detect and prevent this type of fraud from reaching their customers in the first place. "This is part of the natural progression of rolling out a new channel," says Higdon. "We went through this with online banking and will go through this all over again with mobile banking."