• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

how does everyone feel about mobile banking?

miltk

Well-Known Member
Nov 26, 2009
125
5
the chase mobile app looks pretty good, especially when it scans checks for depositing etc etc. but i'm hesitant about the security(or lack of it). as it is, i don't do much in the way of accessing my account online anyway, but am especially wary about performing any MOBILE transactions.

am i overly cautious? is mobile banking more or less secure than online banking from my desktop?
 
I feel safe using the Bank of America app on my phone. I would not feel safe using a third party app to access my account info. I know there are some programs that allow you to access your account info but are not created/endorsed by the bank in question. If the Chase bank app is actaully from Chase bank it should be safe. If you want to verify it is from the bank you can call them to verify.

Also use common sense about accessing info, I have heard of people accessing info on a public wifi source and having the info stolen, so if you are going to access it make sure your connection is secure, if you think are worried about your 3g signal being insecure you may want to think of changing carriers.
 
Upvote 0
For the Chase App I can say it never stores your password. It runs through a secure log in and dumps it. First time use, you have to get a code sent to you to verify the device just as you have to with using a computer with a different IP address than your account is used to seeing.

The check scaner works nicely on everything but my checks from work since they just print it out on normal paper. That works out fine since I have direct deposit for everything besides trip reimbursement. It just has you take a picture of the front and back that it deletes after the images are submitted so again nothing is saved on your phone.

Any time you exit out or let the screen time out it seems to do an auto log off. So it's pretty safe in my opinion. It's been working for me since they came out with the app, no issues yet.
 
Upvote 0
Thats an official Chase app and I've used it for a little over a year. First on iPhone now on Android. I only use it mainly to check balances and don't see any issues using it over the phone own network. Wouldn't use anything like that over public wifi but I'm overly cautious. In fact I'm almost sure its a secure connection no matter what with that app.

Heres a little something I dug up on it.

"Chase charges no fees to use mobile banking, but standard text message and data rates may apply from a customer
 
Upvote 0
Without a doubt mobile banking is less secure than desktop banking. There aren't nearly as many security features in the mobile environment compare to your computer. Not to mention there are protocols/technology that only exist for mobile that could be exploited and taken advantage off.

The problem with mobile banking is not about making a secure connection, because they all do that. The real problem is malware being installed on your device and stealing your information before you even make the connection. And android is especially susceptible to this because there aren't any policing or approval process to go through for apps. So essentially anybody including hackers can post an app that have malicious code in them.

There are also other issues like how username and password are stored by apps, lack of Anti virus software, and unsecured protocols like sms that are vulnerable to attack. I'm not saying mobile banking is extremely dangerous, but I would be very cautious.

Here are two good reads if you're interested
Banks Rush to Fix Security Flaws in Wireless Apps - WSJ.com
Mobile banking apps may be vulnerable: Testing and results | TechRepublic
 
Upvote 0
Without a doubt mobile banking is less secure than desktop banking. There aren't nearly as many security features in the mobile environment compare to your computer. Not to mention there are protocols/technology that only exist for mobile that could be exploited and taken advantage off.

The problem with mobile banking is not about making a secure connection, because they all do that. The real problem is malware being installed on your device and stealing your information before you even make the connection. And android is especially susceptible to this because there aren't any policing or approval process to go through for apps. So essentially anybody including hackers can post an app that have malicious code in them.

Without a doubt you are wrong. You are way more likely to get a keylogger running windows than you are on your android. Apps are scanned for malicious code before they are allowed to be posted on the market, AND tell you what permissions they have, and give you information on the publisher. If you aren't familiar with the publisher and they don't have 250,000 downloads with good comments, and you give it permissions to send your bank information, you deserve it. Luckily even in this case, you're still protected.

There are also other issues like... lack of Anti virus software...

That's because there are no viruses....
 
Upvote 0
the chase mobile app looks pretty good, especially when it scans checks for depositing etc etc. but i'm hesitant about the security(or lack of it). as it is, i don't do much in the way of accessing my account online anyway, but am especially wary about performing any MOBILE transactions.

am i overly cautious? is mobile banking more or less secure than online banking from my desktop?

And when you hand a clerk a check?
Or use an ATM?
All transaction are online whether it appears that way or not.
 
Upvote 0
And when you hand a clerk a check?
Or use an ATM?
All transaction are online whether it appears that way or not.

Agreed. Not to mention those threads are old. All the issues they're talking about have been dealt with.

Viruses on linux are hard to develop because ultimately the user has to grant the app permission. If you grant an app permission you better understand what you're doing first.
 
Upvote 0
Without a doubt you are wrong. You are way more likely to get a keylogger running windows than you are on your android.

Did you even read the articles?? Yes, you're more LIKELY to get infected with malware/viruses for a standard computer because there are not as many of them for mobile...YET. But this is all changing with more and more people using phones and tablets as their source of computing. Malware/viruses are only going to increase (exponentially) within the next few years. The question is do you want to take the risk with your money? It only takes one malware to steal your information.

Apps are scanned for malicious code before they are allowed to be posted on the market, AND tell you what permissions they have, and give you information on the publisher. If you aren't familiar with the publisher and they don't have 250,000 downloads with good comments, and you give it permissions to send your bank information, you deserve it. Luckily even in this case, you're still protected.

About 1% Of Google Android Apps Bad -- InformationWeek

A minimal automated scan is not what I call completely safe to use applications. Yes, a publisher's reputations and comments will give clues to how trustworthy an app is, but let's be honest, not all of us review publishers credentials and app permissions. We see a cool app, we install to try it out. And that doesn't even include applications that are off the market. Besides, malware doesn't only come from apps. It can also come from website, emails, sms etc...

That's because there are no viruses....

Again...did you read the articles???? Here's another good one.

http://www.wired.com/gadgetlab/2010/12/android-malware/

Don't get me wrong, I'm not trying to scare people to not use their mobile device for banking or other transactions. All I'm trying to say is mobile security is still in its infancy and to think that it is as safe as desktop computing is naive.
 
  • Like
Reactions: Rubixious
Upvote 0
dylo22 raises some quite valid points.
Regardless of what you're doing now or have always done, and the whole idea of Linux forcing people to acknowledge accesses... if someone is interested in getting your details, unless the app is CREATED AND MANAGED by the bank you're using it for, I would be highly suspicious.

Can someone tell me why this wouldn't work?

Create app 1: Allows you to log into your bank site. Saves login credentials to SD card as <info.txt>. App says "
androidwarning.gif
Network Communication full internet access;
androidwarning.gif
Storage modify/delete SD card contents " - first is obvious, second dev says this is so you can save it to SD card as all apps are doing these days.

Create app 2: 'Angry Birds on Crack' online game. Also says "Network Communication; Storage". What it does is appends 'highscores' to a file called <info.txt> and sends this to the server so your high score can be 'compared to your friends' ... except it's sending me your banking credentials.

Obviously I need you to have both apps - but that's just about marketing and time - I only need one or two people to get $2,000 return on my investment... obviously ignoring all issues that might occur with your bank trying to find me :p
 
Upvote 0
Create app 1: Allows you to log into your bank site. Saves login credentials to SD card as <info.txt>. App says "
androidwarning.gif
Network Communication full internet access;
androidwarning.gif
Storage modify/delete SD card contents " - first is obvious, second dev says this is so you can save it to SD card as all apps are doing these days.

Well, that's why I only use an app from my bank.
 
Upvote 0
About 1% Of Google Android Apps Bad -- InformationWeek

A minimal automated scan is not what I call completely safe to use applications. Yes, a publisher's reputations and comments will give clues to how trustworthy an app is, but let's be honest, not all of us review publishers credentials and app permissions. We see a cool app, we install to try it out. And that doesn't even include applications that are off the market. Besides, malware doesn't only come from apps. It can also come from website, emails, sms etc...

No, android phones can't get a virus from a website or emails or sms. Also the link you provided has no evidence of viruses, most apps that get taken off the market are for adult content or copyright. No app has been taken off because it was a virus to my knowledge.


Again...did you read the articles???? Here's another good one.

Android Malware Surfaces in Chinese App Markets | Gadget Lab | Wired.com

Don't get me wrong, I'm not trying to scare people to not use their mobile device for banking or other transactions. All I'm trying to say is mobile security is still in its infancy and to think that it is as safe as desktop computing is naive.

Wow a 3rd party chinese app market and there's a virus? *hides under bed

Can someone tell me why this wouldn't work?

Create app 1: Allows you to log into your bank site. Saves login credentials to SD card as <info.txt>. App says "
androidwarning.gif
Network Communication full internet access;
androidwarning.gif
Storage modify/delete SD card contents " - first is obvious, second dev says this is so you can save it to SD card as all apps are doing these days.

Create app 2: 'Angry Birds on Crack' online game. Also says "Network Communication; Storage". What it does is appends 'highscores' to a file called <info.txt> and sends this to the server so your high score can be 'compared to your friends' ... except it's sending me your banking credentials.

Obviously I need you to have both apps - but that's just about marketing and time - I only need one or two people to get $2,000 return on my investment... obviously ignoring all issues that might occur with your bank trying to find me :p

Because nobody is stupid enough(I hope) to download an app that logs into their bank that isn't from their bank.
 
Upvote 0
No, android phones can't get a virus from a website or emails or sms. Also the link you provided has no evidence of viruses, most apps that get taken off the market are for adult content or copyright. No app has been taken off because it was a virus to my knowledge.

You can't get malware from going to a website or just getting an email, but you can get it from clicking on links, pictures, ads etc that are in those mediums. It's call phishing.

Malware Sneaks Into Android Market | Gadget Lab | Wired.com
http://www.************.com/spyware-and-malware-android-apps-in-the-android-market/

Wow a 3rd party chinese app market and there's a virus? *hides under bed

Because nobody is stupid enough(I hope) to download an app that logs into their bank that isn't from their bank.

I'm not sure what your point is in all this. Are you saying Android is impenetrable, and we should all throw caution to the wind? I already posted several articles where security experts are saying malware threats are the rise (especially on android) and mobile security is a concern. I think it's only logical to heed those warnings and take precaution.

Mobile Security: A Crisis Waiting to Happen | Blogs | ITBusinessEdge.com
Experts Agree: No Easy Fix For Mobile Security | threatpost
 
Upvote 0
You can't get malware from going to a website or just getting an email, but you can get it from clicking on links, pictures, ads etc that are in those mediums. It's call phishing.

Malware Sneaks Into Android Market | Gadget Lab | Wired.com
http://www.************.com/spyware-and-malware-android-apps-in-the-android-market/

That's not malware, that's phishing... and like everyone else has said, use your BANK'S MOBILE BANKING APP... NOT some shit with <50 downloads from droid09. Nothing can install itself and run on your phone unless you give it permission, this isn't windows.

This isn't about mobile security anymore... Its about natural selection. If you download random apps to log in to your bank, the cell phone community doesn't need your kind... stop ruining it for everyone else.



From your own link

While malware targeting mobile devices is still a relatively minor concern.


I'm not really sure what YOUR point is... I don't care enough to google one of the thousands of cases of desktop computer banking being hacked, phished, keylogged, or otherwise compromised. All you give me is half-ass phishing schemes with tiny banks that didn't go anywhere.
 
Upvote 0
This is going to be my last post in this thread. It's pointless arguing over this. You either see it as a risk or you don't. People can decide for themselves. I'll respond to some of your points and I'll just leave it at that.

That's not malware, that's phishing... and like everyone else has said, use your BANK'S MOBILE BANKING APP... NOT some shit with <50 downloads from droid09. Nothing can install itself and run on your phone unless you give it permission, this isn't windows.

Phishing is the method to get people to download malicious software. They spoof as innocuous website/apps/links, so that you'll click or download.

Fake Angry Birds App Exposes Android Vulnerability -- Android Security -- InformationWeek

"Android typically requires that a user give explicit permission for an application to access a particular service on the phone, or to install any additional applications. This attack bypasses that security control, allowing an attacker to use one installed application to download and grant complete access rights to additional applications."

The Official Lookout Blog | Three New Android Vulnerabilities Released

"Lastly, at Blackhat Abu Dhabi, a security researcher with MWR InfoSecurity, Nils, will disclose another vulnerability that can also be used to install applications on vulnerable devices without user intervention. While the vulnerability discussed above requires a user to install a vulnerable app, the vulnerability that Nils will present is reported to only requires a user to visit a malicious website. While details are not yet public, this vulnerability likely only affects HTC devices."

Permissions to install isn't fail safe. We shouldn't rely only on one level of security.

This isn't about mobile security anymore... Its about natural selection. If you download random apps to log in to your bank, the cell phone community doesn't need your kind... stop ruining it for everyone else.

It's true, if you were vigilant enough and only install trusted applications and only go to trusted sites, we'll be fine. The same can be said for desktop. If we download from trusted source and surf only on trusted sites, we'll be okay. So why do people insist we need Anitvirus software for your desktop?? Could it be because despite our best efforts, we can still be tricked into downloading or clicking on something that appears innocent but is in fact malicious? Hackers aren't stupid you know. They don't create things with skull and crossbones on them. They create thing that appears 98-99% legit and prey on the fact people are paying enough attention to notice the 1%. Hence, that's why all our computers have AV of them. So that when we're not paying full attention, we're still somewhat protected.

Unfortunately, that's not the case with mobile. AV is an after thought and are deemed unnecessary. Even with the few solutions available, we don't even know how effective they are.

In my mind, if android continues to grow and become a dominant platform, we'll probably go through what we went through in late 80s and early 90s with computers where viruses are common, but antivirus protection was rare and its effectiveness often difficult to judge.

From your own link

While malware targeting mobile devices is still a relatively minor concern.

I'm not really sure what YOUR point is... I don't care enough to google one of the thousands of cases of desktop computer banking being hacked, phished, keylogged, or otherwise compromised. All you give me is half-ass phishing schemes with tiny banks that didn't go anywhere.

My point is mobile security still has a way to go. In its current form, it is less secure than what is on a desktop. There are still many unknowns and not enough mechanism in place to protect our data. In my opinion, mobile banking right now is not worth the risk. I'll wait until Android matures more before diving into it.
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones