20 September 2018

Three month delay in public news media on fake bank apps

(illustration: Mr Mackie, South Park)

There is no real reason for 'apps' to exist in order for a person to conduct business transactions with the entities that have an online presence.

The Bank of Melbourne app actually opens the device's web browser for the user to conduct their business, negating the need for that app.

Does the Australian Government's Bureau of Meteorology need an app, or could it instead put the information on a mobile-friendly web address, which it has?

The duopoly of Apple and Google has muscled out all competitors and alternative mobile phone operating systems, and the duopoly makes billions of dollars annually from data collected from the app development industry.


Despite whatever assurances the corporations give with regard to the weeding out of suspect apps, the real severity of the risks is being deliberately kept from the public eye.

It took three months for information about a suspect banking app to reach the public news media, where the claim was that it was shut down within hours of the app being published.

Apps are a closed system, where the end user is unable to scrutinise where their data is going, unlike a website's publicly available source code.

Apps are a real danger to unsuspecting consumers, but since their existence is aggressively pushed by the duopoly for their huge profitability, it seems that they will be with us for the long run, despite the fact that there are better programming alternatives.

Governments that support the use of their services via apps that must be purchased (for 'free', i.e. no cash exchanged) are supporting data collection by those corporations, which poses a significant risk to the end user's privacy.


We do not support the use of Apple or Google apps.

See the article from 20 Sep 2018 by news.com.au under the headline:


CommBank, ANZ hit with scam apps

CUSTOMERS of major Aussie banks have fallen victim to a cunning scam targeting banking apps on mobile phones.


CommBank has been hit with a fake app scam. Source: Supplied

MORE than a thousand CommBank and ANZ customers may have unwittingly handed out their log-in details and credit card numbers after downloading malicious banking apps.

The fake apps went undetected in the Google Play store for weeks and were installed more than 1000 times before IT security research firm ESET raised the alarm in June, The Age reported Thursday.

ESET senior research fellow Nick FitzGerald told the newspaper the apps were discovered during routine checks. He said it was rare for fake banking apps to pass the automated Google Play system.

The fake CommBank and ANZ apps had basic functionality, requesting credit card details or log-in credentials, which may have helped them slip through.

“The apps use obfuscation, which may have contributed to them slipping into the store undetected,” he told The Age, adding code similarities suggested the two apps were the work of the same attacker.

“This is a big concern for anyone who may have handed over personal information. The loss of personally identifiable information can result in financial fraud that may affect you for the rest of your life very negatively.”

CommBank-owned Auckland Savings Bank was also targeted, as were banks in the UK, Switzerland and Poland, and European cryptocurrency exchange Bitpanda, according to the report.

A Google spokesman declined to say how many times the apps were downloaded or how they made it into the Google Play store.

“We remove applications that violate our policies, such as apps that are illegal or that promote hate speech,” he said. “We don’t comment on individual applications — you can check out our policies for more information.”

As the banks were impersonated, not hacked, the scam falls outside Australia’s new mandatory data-breach notification scheme passed into law earlier this year.

A CommBank spokeswoman said the security of customers’ banking details was a “top priority”. “We proactively monitor app stores, and use customer feedback, to identify potential security risks for our customers,” she said.

“Once a suspicious app is identified, we work with the app store to ensure the app is quickly removed or disabled. To protect our customers, we offer the benefit from our 100 per cent Security Guarantee against unauthorised transactions where customers are not at fault.”

An ANZ spokeswoman said the bank was “constantly monitoring for fake ANZ apps and the latest security scams”.

“In June 2018 via a customer we became aware of a fraudulent app called ANZ PayOnGO being advertised on Google Play,” she said. “We worked closely with the Google Play team to have the app removed in a few hours.”

CBA SECURITY ADVICE

Tips on keeping safe when downloading our apps:

• Only install apps from official stores, such as Apple’s App Store or Google Play (for Android phone or tablet).

• Check the name of the publisher before downloading the app.

• Avoid installing apps from links received in an email, social media post, text message or a web page that doesn’t look right. The best way to download an app is to go to the store and download it from there.

• Read user reviews and ratings to assess if an app delivers a good experience.

• Many apps collect and send personal data from your phone, including your location and contacts. Keep on top of this by reviewing and managing permissions for each app. On an iOS device, this can be done under the ‘Settings > Privacy’ function. On an Android device, you can find them under ‘Application Manager’.

• Read the terms of any app looking to access your contacts, location or other personal information when you log in using a third party service (such as Facebook or LinkedIn).

• If a customer notices an unusual transaction on their account, they should contact us on 13 2221 immediately to report it.

• Our apps are published from “Commonwealth Bank of Australia” or “CommSec”. MasterCard publishes two apps for business merchants, “CommBank Simplify Controls” and “CommBank Simplify Payments”, on our behalf.

Source: CommBank

ANZ SECURITY ADVICE

Customers should always check the following before downloading a new app:

• Check the popularity of the app: thousands of downloads and very few reviews suggests a fake app.

• Check the name of the app or developer and reviews: minor errors in the name, inconsistency with ANZ products or suspicious comments may indicate the app is a fake.

• Check the pattern of reviews including time frames from app launch to commentary: reviews in quick succession of launch are a red flag.

• If in doubt, go to the web page of the developer: lack of details about the developers, and linkage to a legitimate site is another indicator.

• Check that the permissions required by the app are in line with activities you will be performing: if the permissions seem excessive this is another red flag.

• If a customer believes they have downloaded a fake ANZ app please contact us immediately on 1800 033 844

• If they suspect a fake ANZ app is available on Google Play or on the App Store, they should contact hoax@cybersecurity.anz.com

• Information on the latest security alerts can be found on ANZ.com — https://www.anz.com.au/security/fraud-detection/latest-security-alerts/

Source: ANZ
