When You Install A Local Banking App, What Data Are You Giving Away?

Farai Mudzingwa Avatar

If you have tried your hand at internet banking – using the banking apps specifically- you’ve probably had a convenient experience thus far. It’s certainly better than what you get using USSD anyway. But what do these banks ask for in return?

Most of us (myself included) download an app and quickly allow the app to get access to whatever it wants on your phone. Rarely do we read through the permissions that these applications ask for but I took some time to compare the banking applications to see which ones are bordering on the creepy side when it comes to what you can allow them to access on your phone.

Permissions you can grantSteward BankCBZ TouchZB eWalletStandard Chartered ZimFBC Mobile BankingCABS Mobile BankingPOSB Mobile BankingNMB BankAgribank Mobile Banking
CalendarOptionalOptionalN/AN/AN/AN/AN/AN/AN/A
CameraOptionalOptionalN/AN/AN/AN/AN/AN/AN/A
ContactsOptionalOptionalN/AN/AN/AN/AN/AN/AN/A
LocationOptionalOptionalOptionalOptionalOptionalOptionalN/AN/AN/A
MicrophoneYesN/AN/AN/AN/AN/AN/AN/A
Phone (Dialer)OptionalOptionalOptionalN/AOptionalOptionalOptionalOptionalOptional
StorageYesOptionalN/AN/AN/AOptionalN/AN/AN/A
Access to mail informationOptionalN/AN/AN/AN/AN/AN/AN/AN/A

One of the creepiest metrics (or maybe just the one I don’t understand) is the location. It seems only 3 banks don’t offer users to turn on location tracking (POSB, NMB and AgriBank). Maybe it would be wise for the ones that have optional location tracking to explain why they have it and how it serves a purpose for the customer.

POSB, NMB and AgriBank are also the 3 least intrusive banking apps as they only ask for access to your dialer. Apart from that users don’t even have the option to turn on other permissions. Depending on how you feel about data being handled this could give you some peace of mind if you’re banking with these 3.

Microphone access??

You may be wondering why Steward Bank is the only bank requesting microphone access. Well, they have an assistant inside their banking application and you can make some requests via voice, which is why you would need to allow the app to access your mic.

And access to mail information?

Steward is also the lone bank that you can allow to access your mail information. Again, why you would want to do that is beyond me and it would be helpful to both customers and banks if they provided information regarding why they would do this. Failure to do so suggests some creepy stuff may be going on if you give them access to your mail info.

No one is forced

The good thing about these apps is that most of the intrusive or “weird” permissions are optional. What this means is that if you’re tech savvy you can just turn of every permission that makes you uneasy. Unfortunately, for the majority that isn’t tech savvy and grants apps access to their location with no clear explanation you’re at risk of having your data harvested…

,

3 comments

  1. Imi Vanhu Musadaro

    At the very least, you could have asked the developers/banks responsible why they need those permissions. They would know the real reason those permissions were requested. Alternatively, you could ask other app developers, why these permissions could be necessary/unnecessary. Failing that, you could also do a Google search. That’s what is called research.

    Apps should only request permissions that they need, but there’s nothing in the article for (or against) the need of the listed permissions. Permissions depend on the functionality provided by individual apps, not on your opinion as a user.

    If you want to be able to call a branch from within the app, the phone dialer permission is necessary. But, if there’s no calling related feature for the user, anywhere in the app, then it is unnecessary. This is despite the fact that this permission cannot leak any user data without the user being aware of it.

    Location tracking can be used to find the closest branch, or ATM. You aren’t always in familiar territory where you know where every branch/atm is. The location permission would be required to implement this function.

    If you can save account information, or even banking product brochures, to your phone. The storage permission would be required, if you want to be able to save the downloaded information anywhere on your phone.

    I haven’t heard of the mail (or mail information) permission, maybe it’s on Apple devices. Anyway, you cannot discuss permissions, without talking about functionality.

  2. Guy Goma

    Location can also be used to detect suspicious activity. A person cannot be in Harare now,then Durban 10 seconds later.Such Location will be used for flagging suspicious activity and the Bank can assist in preventing your money being taken by vultures.

  3. Anonymous

    Ini I don’t know much all I can say just look at the adverts you get on YouTube or on your Google search engines it’s the stuff that you will be talking about with friends and this means Google is listening ska no data is safe kana kwakutoda security just use a burner phone

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed