• @zurvan2
    English
    67
    1 year ago

    The privacy implications of this are not cool. I’m not OK with every app knowing which apps I have installed. Or any app knowing that, frankly.

  • @[email protected]
    English
    43
    1 year ago

    Same for DBS bank, also in Singapore. Their app, which is mandatory to generate login & transaction approval OTPs, doesn’t even work on a stock OnePlus phone since it detects part of the OS as “modified”.

    Since I have to use that bank for my company, I had to buy a separate phone that’s now sitting in my drawer 24/7 for that purpose alone.

    • HidingCat
      10
      1 year ago

      WTF, I remember the UOB banking app not liking my phone being rooted and whatnot, but Magisk would work sometimes. But a stock phone not working is especially fucked up. Did you find out what was triggering the response?

      • @[email protected]
        English
        7
        1 year ago

        I’ve escalated this all the way to their app developers and in the end they told me something about permissions to draw over other apps being enabled in the default launcher, which they consider to be “malicious”. So my options were to install a third-party launcher and forcefully uninstall the default OnePlus launcher (via adb, since any other method would require root), or use a different phone altogether.

        Now I’m using Nova Launcher anyway, but it had glitches here and there where it would default back to the standard launcher, so uninstalling that was a risk I didn’t want to take.

    • @[email protected]
      English
      3
      1 year ago

      Yeah, it’s the same for iOS when you sideload any app. You can always get an SMS OTP to log in though.

      • @[email protected]
        English
        6
        1 year ago

        For sideloaded apps I can understand the rationale at least, but a stock phone really shouldn’t have any issues with a genuinely downloaded app from Google Play.

  • @kautau
    English
    22
    1 year ago

    Why tf does android let apps see this sort of info? This absolutely should be sandboxed

  • Otter
    English
    22
    1 year ago

    Could you sandbox the banking app in the work profile with something like Shelter?

    It’s unfortunate for those that can’t switch banks, but this would be a strong reason for making me want to switch. I’d rather skip the one mobile banking app than uninstall every other app lol

    Amid the complaints, industry regulator Monetary Authority of Singapore (MAS) released a statement voicing its support for the bank’s security feature, which it said aims to address risks associated with downloading applications from unauthorized sources, since these may contain malware.

    Maybe I just haven’t encountered it, but are there malware apps? Just trying to get legitimate apps to work sometimes means having to enable debugging, approve permissions and jump through a whole bunch of warnings. Even then apps will get flagged by Play services (e.g. those game currency spoofer apps).

    OCBC was the center of a spate of SMS phishing scams last year, which wiped out SG$13.7 million ($10.17 million) from the accounts of 790 customers. Scammers had manipulated SMS Sender ID details to push out messages that appeared to be from OCBC, urging the victims to resolve issues with their bank accounts. They then were redirected to phishing websites and instructed to key in their bank login details, including username, PIN, and One-Time Password (OTP).

    That’s not from bad apps… If anything this new policy will make me use the mobile website instead of the app.

    • Marxine
      English
      14
      1 year ago

      That’s not from bad apps… If anything this new policy will make me use the mobile website instead of the app.

      I’d also consider switching banks if it isn’t too much of a hassle. They clearly can’t invest well in terms of security for their users.

    • HidingCat
      3
      1 year ago

      Can’t use the mobile website, because the OTP is generated via the app. So you’ll still need the app. Standalone OTP tokens are being phased out; my bank’s doing so from October this year.

  • @[email protected]
    English
    17
    1 year ago

    And here I thought DBS Digibank’s anti-tamper protection was too strict. To be honest, I don’t know why these banks spend so much effort protecting the app from hacking, when most fraud comes from someone divulging account information to a scammer.

  • @essteeyou
    English
    15
    1 year ago

    Years ago a team I worked on came up with some ideas for how to use this ability in a music streaming service.

    Just installed Tinder? Have a breakup playlist.

    Just installed Airbnb? Have some travel playlists.

    We didn’t do it because it was such an invasion of privacy.

    • @[email protected]
      English
      6
      1 year ago

      Sadly the voting with wallet approach is only a short term solution imo.

      One big player makes the controversial move, gets some flack, then most people forget. Other players later make the same moves saying this is industry standard now, since the big players are doing it.

      Playing the system by workarounds, root hiding, sandboxing tools etc. will probably also work temporarily, until they figure out what people are doing to circumvent the locks.

  • @[email protected]
    English
    12
    1 year ago

    How are they managing to do this? Surely it requires a permission in Android to access the list of installed apps, right?

    • @sugartits
      English
      10
      1 year ago

      It’s a default permission which can’t be revoked.

      • @[email protected]
        English
        5
        1 year ago

        Wow that seems like a strange permission to have as default. It doesn’t seem like very many apps have a legitimate need for listing other installed apps unless I’m missing something.

        • @sugartits
          English
          1
          1 year ago

          Plugins and addons for other apps are probably the original motivator for this. Also handy to check if an app is present to listen to the intent signal you’re about to send out.

          Of course, then the malware/spyware writers got ahold of it and here we are. Something with good intentions and assholes come along and ruin it for everyone. Kinda like pop up windows and cookies.

    • @outbound5231
      English
      9
      1 year ago

      It might be checking for specific root-related files on your device.

    • @superfes
      English
      6
      1 year ago

      It’s a good joke, don’t let anybody else get you down.

  • @superfes
    English
    5
    1 year ago

    But you are allowed to download malware from the AppStore, feel free to do it that way instead.