1. Download our Official Android App: Forums for Android!

Chase Bank wants EVERYTHING!!!

Discussion in 'Android Apps & Games' started by Phil Indeblanc, Mar 11, 2016.

  1. Phil Indeblanc

    Thread Starter
    Rank:
    None
    Points:
    28
    Posts:
    66
    Joined:
    Feb 16, 2016

    Feb 16, 2016
    66
    10
    28
    I had to stop into Chase bank. The person helping me out said to just download the Chase app and you can see if your deposit is cleared and such. So I looked up the app, and hit install...
    So Chase wants:
    Identity- Uses one or more account on device, profile data.
    Contacts-Uses contact info (but that is already in Identity. This says Contacts, more than 1)
    Location-Devices location
    Photos/Media/Files-Uses one or more of, also access to External Storage!
    Camera- Devices camera. No prob as you take pix to deposit.
    Wifi connect Info-View info about wifi, networking, names of connected devices


    REALLY!???
    This is the type of app I want to use on my phone?

    When you check the same app on the Apple device, it asks for
    Location
    Camera
    THATS IT!!!

    Did I just swap phones from iOS to Droid for a horrible app experience?
    So far I have only been able to install 3 apps, as most other things that have ZERO reason to ask for certain info, require me it to install.

    Isn't google putting SOME parameters on these apps? I mean I can understand you getting some questionable access from some game, or supposed productivity app...But CHASE BANKING...I know bankers are thieves, but this is Googles hand in allowing them to do more than just banking.

    So as much as I LOVE how it tells me this info, instead of me seeing it on the iOS after I install it, BUT I think there is MUCH to gain from Apple OS if they are checking apps, or setting some parameters to stop apps from having access to things not needed!

    One of the reasons I wanted to give Google a shot was this app install feature that makes it more secure as it makes you aware...but I didn't think it would cripple my ability to use either!

    Maybe I am missing some function? I mean as soon as you install the app can access, grab and packet the info it wants..in case I'm able to disable specific points of access, I'm not sure if I can control that. But, whats the point once the damage is already done just by installing. Copy of info could even be in the Install file.

     

    Advertisement

    #1 Phil Indeblanc, Mar 11, 2016
    Last edited: Mar 12, 2016
  2. Phil Indeblanc

    Thread Starter
    Rank:
    None
    Points:
    28
    Posts:
    66
    Joined:
    Feb 16, 2016

    Feb 16, 2016
    66
    10
    28
    hmmm
    Hard to believe that no one bats an eye at this.
     
  3. Jhayzone

    Jhayzone Android Enthusiast
    Rank:
    None
    Points:
    118
    Posts:
    384
    Joined:
    Oct 21, 2015

    Oct 21, 2015
    384
    223
    118
    I recommend you to ask your bank's representative yourself on why it need this kinds of permission. We cannot give you a guaranteed answer aside from few guesses as to why this permission is needed by a bank app.
     
    psionandy likes this.
  4. zuben el genub

    zuben el genub Extreme Android User
    Rank:
    None
    Points:
    443
    Posts:
    7,412
    Joined:
    Jan 24, 2011

    Jan 24, 2011
    7,412
    2,660
    443
    From Google:

    Notes on Permissions:
    • Location permissions are needed to determine your current location in order to find Chase bank branches and ATMs near you
    • Read Contact permissions are needed to access your contacts to send money via Chase QuickPay(SM)
    • Camera permissions are needed to deposit checks via Chase QuickDeposit(SM)
    • USB storage permissions are needed to view file attachments


    This is the why of some permissions. I don't agree with some either , but they do make sense. If there is more in your app, it would be interesting. Where did you download it?

    I've often wondered about the ability of some apps to identify you. Location is one suspect, and even just GPS alone will tell them. If you download any of the TV news apps, you get a lot of commercials.
     
  5. Crashdamage

    Crashdamage Android Expert
    Rank:
    None
    Points:
    643
    Posts:
    4,446
    Joined:
    Feb 25, 2011

    Feb 25, 2011
    4,446
    2,754
    643
    Mostly retired
    Kansas City, Mo.
    My Commerce Bank app on Android asked for location and camera, nothing else.
     
    KOLIO, Phil Indeblanc, Sento and 2 others like this.
  6. Fox Mulder

    VIP Member
    Rank:
     #48
    Points:
    443
    Posts:
    1,852
    Joined:
    Feb 19, 2012

    Feb 19, 2012
    1,852
    1,497
    443
    NYC
    It's good that you're checking app permissions before installing them, and if this is that much of a concern for you you're certainly free to not download the app. However I'd say it's far less of a concern with an app from a major bank that it would be if the same permissions were listed for, say, a flashlight app. I'm sure Chase has legitimate reasons for needing those permissions (as indicated above) and they're not out to steal your information.
    If other banking apps have fewer permissions it may be because they have less functionality (btw good to see you here Crash).
     
  7. mikedt

    mikedt 你好
    Rank:
     #5
    Points:
    3,238
    Posts:
    27,285
    Joined:
    Sep 22, 2010

    Sep 22, 2010
    27,285
    16,700
    3,238
    Teachaaa
    Jinan, China
    Why hasn't your bank app got SMS permissions, that's first thing I noticed. Because every time I start my Merchant's Bank app, after entering the password and PIN from the security token, it sends an SMS on the registered phone number and expects a code back to verify the login, part of their security measures.

    Yeh, people don't look at permissions, that's why there's so many "free" flashlights and other spyware crap out there.
     
  8. Sento

    Sento Well-Known Member
    Rank:
    None
    Points:
    63
    Posts:
    213
    Joined:
    Jan 19, 2011

    Jan 19, 2011
    213
    62
    63
    ROFL
     
  9. Sento

    Sento Well-Known Member
    Rank:
    None
    Points:
    63
    Posts:
    213
    Joined:
    Jan 19, 2011

    Jan 19, 2011
    213
    62
    63
    I decided to check it out, he is right!! scary.....

    [​IMG]
     
    Phil Indeblanc likes this.
  10. El Presidente

    El Presidente Beware The Milky Pirate!
    VIP Member
    Rank:
    None
    Points:
    3,118
    Posts:
    32,107
    Joined:
    Jan 3, 2011

    Jan 3, 2011
    32,107
    24,090
    3,118
    Scotland
    It may well want your location so it can notify you of any branches located nearby.

    It might also ask for permission to access storage so you can upload any pictures previously taken as opposed to pictures taken with the app.

    I'd be wary of the WiFi and identity permission, but as has been pointed out, it's a legit banking app so I'd probably be ok installing it.

    If your device is running marshmallow, or scheduled to be updated to marshmallow, you're prompted to allow apps access to permissions as and when they need them. That way, if you're not comfortable with what an app needs, you can just deny it when asked.
     
    #10 El Presidente, Mar 12, 2016
    Last edited: Mar 12, 2016
  11. Fox Mulder

    VIP Member
    Rank:
     #48
    Points:
    443
    Posts:
    1,852
    Joined:
    Feb 19, 2012

    Feb 19, 2012
    1,852
    1,497
    443
    NYC
    Or if you're rooted and have Xposed you can use XPrivacy to limit permission. Just bear in mind that restricting permissions can "break" the app, if that happens you'd then have to decide if you're willing to accept the app as-is.
    Again, in the case of this particular app I wouldn't be at all concerned. Same with other apps that are from well-known sources, it's the ones from lesser-known parties we need to be concerned about.
    If the explanations provided regarding the permissions are not adequate for you I'm sure you can contact the developer or Chase online support to inquire further.
     
  12. Slug

    Slug Check six!
    VIP Member
    Rank:
    None
    Points:
    2,043
    Posts:
    20,541
    Joined:
    Aug 1, 2009

    Aug 1, 2009
    20,541
    17,001
    2,043
    Male
    Mobile phone retail
    Inverness, UK
    It's nothing to do with Google. What permission an app requires, and how it uses those permissions, is down to the developer(s). In case of doubt it's always best to ask, as you are doing. One can't be too careful with sensitive info.

    Fwiw, my own banking app requires Contacts, Location, Storage & Telephone permissions. Why is explained on the Play Store page, and I'm fine with that.
     
    KOLIO, Crashdamage and psionandy like this.
  13. Phil Indeblanc

    Thread Starter
    Rank:
    None
    Points:
    28
    Posts:
    66
    Joined:
    Feb 16, 2016

    Feb 16, 2016
    66
    10
    28
    Camera and Location, THATS IT...If you want to give ANYTHING else, it can ask when you prompt a feature. There is NO reason to request all out access like this.

    And for those who think that the bank is OK....they are some reputable source...SUre if youre ONLY concerned with spyware, I might have minimal concern, But if you think they don't log copy and exploit your information when needed, you trust banks WAY too much. The last thing in the world I would trust is a bank. Its like trusting a purchased politician. Get your heads out the sand and do some unfiltered reading! If you knew how the banking and loan business was setup, you CANNOT ignore the fact that the banking system is biggest cook in all of economic world. If you don't know, please do yourself a favor and do plenty reading. But of course when individuals have no kids and futures to worry about, who gives a rats arse!

    But, in society you cannot survive without a bank. Thats how powerful they are, and thats how they have set it up. SO we have to deal with them. But Its interesting to see how some could care less their full info being exploited or being oblivious to it, as little by little all this slips out of the private person's controll, and there will come a time that this breach of privacy will sting the masses so hard they wont know what happened.
     
    #13 Phil Indeblanc, Mar 12, 2016
    Last edited: Mar 12, 2016
  14. svim

    svim Android Expert
    Rank:
     #29
    Points:
    708
    Posts:
    4,821
    Joined:
    Dec 19, 2013

    Dec 19, 2013
    4,821
    4,070
    708
    Illinois
    As it's already been pointed out sometimes an app requires permissions for things that aren't obviously apparent, but as far as their app collecting personal data, your bank already has your most private info already. Any bank application will require you to give them things like your social security number anyway. Besides, banks aren't in the business of selling consumer data they might collect from their apps, they profit off of us in much more blatant and direct ways. Even though our banking industry gets away with any number of bad shenanigans, they're still regulated pretty heavily so smartphone data collection isn't really an issue.

    I'd be more worried about what's going on as far the transfer of your data between your phone and the bank's servers. Banks have a history of not being the most vigilant about online security. Back before smartphones and apps when online banking was tied to a computer and a web browser, the required browser was limited to Internet Explorer because the banking sites still relied on ActiveX. So in essence two things with horribly bad security issues were the necessary requirements to do online banking. Thankfully things have progressed beyond that debacle but there are still banking sites that aren't necessarily secure. Taking a look at Chase's site below, the SSL Labs site gives them a B rating, which could be better but in any case if you scroll down and look into whichever version of Android that applies to your phone, there is an issue that we don't know if the Chase app is relying on Android's certificates or if it has its own internal ones.
    https://www.ssllabs.com/ssltest/analyze.html?d=www.chase.com
     
    Phil Indeblanc likes this.
  15. steiny180

    steiny180 Android Enthusiast
    Rank:
     #117
    Points:
    123
    Posts:
    523
    Joined:
    Aug 7, 2014

    Aug 7, 2014
    523
    237
    123
    Male
    If you don't like their mobile app, don't use it...
     
    Slug likes this.
  16. BillArf

    BillArf Well-Known Member
    Rank:
    None
    Points:
    53
    Posts:
    201
    Joined:
    Aug 7, 2010

    Aug 7, 2010
    201
    84
    53
    Upstate NY & Florida
    I see your post as a rant and little more. If you don't like Chase's mobile app, don't use it...
     
  17. palmtree5

    palmtree5 Sunny Vacation Supporter!
    Moderator
    Rank:
     #34
    Points:
    633
    Posts:
    4,579
    Joined:
    May 2, 2012

    May 2, 2012
    4,579
    3,498
    633
    Male
    Student
    USA
    My guesses on these permissions as a user of the app

    - Not sure
    - QuickPay allows you to add recipients from your contact list
    - Branch/ATM locator
    - Viewing check images? I feel like those would be temporary though and not be kept
    - Mobile deposits like you said
    - Not sure on this one
     
  18. syzmic

    syzmic Well-Known Member
    Rank:
    None
    Points:
    88
    Posts:
    108
    Joined:
    Jul 28, 2013

    Jul 28, 2013
    108
    272
    88
    Male
    Is it possible to open a browser and go to their website to do your banking? Would that avoid all of your security issues?
     
  19. Crashdamage

    Crashdamage Android Expert
    Rank:
    None
    Points:
    643
    Posts:
    4,446
    Joined:
    Feb 25, 2011

    Feb 25, 2011
    4,446
    2,754
    643
    Mostly retired
    Kansas City, Mo.
    Yes of course it is, but a weii designed app is quicker and easier with no security problems.
     
  20. Phil Indeblanc

    Thread Starter
    Rank:
    None
    Points:
    28
    Posts:
    66
    Joined:
    Feb 16, 2016

    Feb 16, 2016
    66
    10
    28
    BillArf....
    I don't understand your point, or should I say the basis of your instruction.
    Do you have anything to add to this, or are you just here to guess peoples intentions, and talk smack about peoples reasons for posting threads? And since when are you the author on who uses what app?

    Are you the "pro banker" and pro information hog that wants to track all user data just in case? What is it that you want? You don't want me stating facts? You don't like the idea of privacy?


    PalmTree, Any app can require a per use permission, that way YOU feed what content you want the app to have access to...Not the other way around. The app shouldn't dictate how your phone works, and It shouldn't be you not having the control, simple as that!

    These are very basic guidelines personal information and privacy SHOULD be working under, and this CHASE app, much like a HACK app, is telling you...Oh, ya, I need all your contacts when I want them, and your pix, your wifi, you location, your ID, and the camera of course, and YOU HAVE NO SAY I CHASE USES ALL THIS.

    But on the iOS, its just Camera and Location. With the option of turning Location off. The app will likely ask as it needs it, but at that point it also maybe asking you for the permission, and then having the unlimited access to what you allowed.

    Syzmic, that maybe the best way to go about these apps that require BS access.
    Crash, yes a app is quicker, but I rather use the web and do what I need vs supporting an app that supports THEIVING of infor as CHASE wants to be known as.
     
    #20 Phil Indeblanc, Mar 14, 2016
    Last edited: Mar 14, 2016
    syzmic likes this.
  21. psionandy

    Moderator
    Rank:
     #19
    Points:
    1,138
    Posts:
    5,863
    Joined:
    Dec 5, 2009

    Dec 5, 2009
    5,863
    8,724
    1,138
    Male
    Gizmonic Institute - mug in a yellow jumpsuit
    liverpool
    That said... Surely the solution in a free economy is for anyone who is unhappy with chase, to contact them. If they are still unhappy then change bank.. And let them know why.

    Market forces will then solve the issue.. Or if not you are with another organisation that you trust.
     
  22. zuben el genub

    zuben el genub Extreme Android User
    Rank:
    None
    Points:
    443
    Posts:
    7,412
    Joined:
    Jan 24, 2011

    Jan 24, 2011
    7,412
    2,660
    443
    Chase is just doing CYA. They are betting that more people want convenience rather than total security. Using the web, there should be a symbol like a lock or a notice that you are on HTTPS: There doesn't seem to be anything on Android where you can check.

    What does the Chase privacy policy say? Do they claim the right to sell or share certain info with any 3rd party?

    I use the web based Pale Moon on Linux. I have an appblocker running along with NoScript. NoScript will pick up the ads that use scripting and ignore just the <img> ones. I don't see too many scripted ads after the main log in screen. Most of the scripting is the banking app itself.

    I'd say that if you use Chase, since you can change permissions on the fly with Marshmallow, enable them when you want them and disable them when you don't. I did that with a couple of apps on a rooted phone using Titanium Backup freeze.
     
  23. Phil Indeblanc

    Thread Starter
    Rank:
    None
    Points:
    28
    Posts:
    66
    Joined:
    Feb 16, 2016

    Feb 16, 2016
    66
    10
    28
    I think I will change my bank. There are 2 other banks. They are mostly ALL the same garbage, except one might force you to keep a min amount in a checking or saving. I will check their apps out.

    Until then, I'm considering having 2 cell phones with me most of the time. In car, at home, at work...Although Chase takes all your wifi info, and who you are connected to.

    Its not a hassle to have both, but use the cell with zero info as the app/web cell and have it link off the hotspot. I think we all have at least 1 extra phone we upgraded from.
     
  24. mikedt

    mikedt 你好
    Rank:
     #5
    Points:
    3,238
    Posts:
    27,285
    Joined:
    Sep 22, 2010

    Sep 22, 2010
    27,285
    16,700
    3,238
    Teachaaa
    Jinan, China
    Sure it's just that, because AFAIK with Apple iOS they don't tell you anything about permissions. It's need to know and Apple thinks you don't need to know, just trust us. Also FWIW I just had a look at the Chase Mobile for iOS app in iTunes on my Mac, can't see anything about permissions in the description of it. But then it gave a message about not being available, probably because I'm not in the US.

    There's some of these "free" snake-oil spyware things that I would never install on Android, because I do care about my privacy, and presumably 360 for iOS has free-run of all your personal data and can phone it home to Beijing, without you knowing. See also Cheetah Mobile, who's entire business is monetizing and selling your data, they make apps for iOS as well.
    360.jpg

    Who would you trust the most or least, JP Morgan Chase & Co. or Cheetah Mobile?
     
    #24 mikedt, Mar 14, 2016
    Last edited: Mar 14, 2016
    Clementine_3 likes this.
  25. Phil Indeblanc

    Thread Starter
    Rank:
    None
    Points:
    28
    Posts:
    66
    Joined:
    Feb 16, 2016

    Feb 16, 2016
    66
    10
    28
    Interesting, I JUST updated to the new Android version, LATEST, and it now DOES NOT, I repeat DOES NOT tell you what the App is going to be accessing!!!! It will do it as you use that feature.

    Say you want to deposit a Check, it will need camera (THIS IS WHERE IT CAN BE FORCING ITS HAND), IF you want to use the camera, it might force you to accept something else? I DON'T KNOW, BUT I wont bother installing it anyway.
    If Google security forces for INDIVIDUAL feature access, then WE GOT a decent or at least better chance of limiting these breaches!
     

Share This Page

Loading...