CBA App Requires Excessive Permissions

Using the CBA app now requires that you accept the following permissions:

"The information we collect includes your registered devices, the operating system installed, other apps on your devices and how you use your devices (such as mouse movements, keystroke patterns and swipe movements)."

Not sure how anyone could be comfortable accepting that.

Comments

  • +1

    Either you accept their terms or move to a new bank.

    • Are not all banks the same?

  • +4

    Yes it does.
    Either you accept their terms or move to a new bank.

  • You can just go into the permissions and deny access.

    • +1

      You can disable things like camera, contacts, location, phone… but I don't see any option to disable the things mentioned in the above post.

    • Was wondering, can you do this on the app, or it's on netbank? Have just looked around the app and couldn't find anything permissions related anywhere (thought it would be under the 'account & security').

      • +4

        No they're talking about refusing the app permissions on your device operating system under App Permissions, but as mentioned this won't stop the keylogger, and dystopian apps that require a blood sacrifice like this usually refuse to operate if you deny any of the permissions

        • Oh, I see. Thanks for the clarification.

        • I guess the other option is to disable the app when you aren't using it. Sure it's a pain but I don't bank with them anyway.

  • So if you use their app, you are breaking the terms of service:

    14: Safeguarding your account against unauthorised access
    14.1 Your obligation to protect against unauthorised access
    a. Access methods comprise the keys to your account. You must do everything you reasonably can to protect all means of access to your account.
    b. This means making sure your cards, devices, client numbers, PINs, passwords and other codes and electronic equipment are not misused, lost or stolen or disclosed to any account access service or person

    https://www.commbank.com.au/personal/apply-online/download-p…

    If I was stupid enough to be a CBA customer I'd have a lot of fun today filing endless fraud reports about their app demanding access to my passwords. Voluntarily installing a keylogger on your system is an instant deal-breaker

  • +1

    Did you download it from a Russian server?

  • +3

    The information you're outlining here would be very useful in preventing fraud and scams.

    • Absolutely, and plenty of banks are doing the same thing using companies like BioCatch.

  • +1

    This was brought up on Reddit about a month ago. See https://old.reddit.com/r/australia/comments/1b1p4y2/why_woul…

    • -6

      Oh wow Reddit is still around? I guess the 60 day IPO sale freeze hasn't happened yet

      • +1

        What is your name?

        • Aaron Swartz

        • +1

          I’m guessing that one wooshed straight over his head haha

  • keystroke patterns and swipe movements

    OP could uninstall Tinder and feel a bit comfortable.

  • +1

    It might be worth checking out either Insular or Shelter apps.

    • Thanks. I am hoping I can get by with using SMS for MFA.

      If they force app use I will either check those out or change banks.

      • As above, disable the app when not in use.

  • Maybe use an operating system where the apps are sandboxed and can't see things like that.

  • meh. just change banks if you don't like it

  • +1

    Sounds like a bunch of measures designed to prevent inauthentic use, such as access to your accounts by bots.

    All of that stuff is exactly the same data that is monitored by a standard CAPTCHA script. I'd be pretty happy if my bank had that level of security in place. Too many of them just require a simple 4 digit pin.

    CBA already has your money, they don't need to steal it again.

  • +3

    That is literally why they have been able to develop one of the better banking apps. CBA has a lot more functions and better UI because of people allowing them access to such things.

    registered devices

    Unless I am misunderstanding, this just means they know all the devices that are logged in to your account. Why would you not want them to not know this so they can prevent unauthorized access? Do you not want to know all the places you've signed in from, perhaps devices you forgot to log out of?

    the operating system installed

    That's pretty standard..

    other apps on your devices

    Okay sure, I can see why some people wouldn't be comfortable with that.

    how you use your devices (such as mouse movements, keystroke patterns and swipe movements)."

    It detects bots, hackers, etc. It also helps the UI team make the app better.

    • other apps on your devices

      Unless they are using private APIs (which is grounds for app removal and/or app update rejections), they won't be able to achieve this on the iOS platform.

    • other apps on your devices
      Okay sure, I can see why some people wouldn't be comfortable with that

      They'd hate to know how many apps are already doing this.. Amazon seems to love just constantly checking.

      I'm guessing one reason CBA would do it is to check for root related software, maybe known malware. Though I wouldn't rule out the marketing side of it, knowing which other banks you use.

      Funny enough, Macquarie just updated their app and on opening I was presented with a pretty similar message. More concerning was that it said this collected data is shared with a third party (though I'm guessing CBA does too).

  • +3

    If you trust them with your money why not trust their app lol

  • +2

    But the minute anything starts going missing from your account you will be the first to complain about it too!! It's a safeguard.. and it's a lot of inconvenience, but long term it covers the bank and benefits your protection

  • Hi OP, when and where did you see this?
    I just logged in via my mobile Phone App and got in straight.

    • I didn't update the app or anything, it was just presented full-screen when opening the app. Declining closed the app.

    • It came up on mine a few weeks ago after I updated the app.

      Macquarie just updated and theirs had a similar message.

      TBH I reckon they've always done it anyway. They are probably now just disclosing to cover their asses.

  • Don't use the app then. Use the web browser and go to CBA website for banking. No need for any apps.