1. Download our Official Android App: Forums for Android!

how does everyone feel about mobile banking?

Discussion in 'Android Apps & Games' started by miltk, Feb 15, 2011.

  1. miltk

    miltk Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    36
    Posts:
    125
    Joined:
    Nov 26, 2009

    Nov 26, 2009
    125
    5
    36
    the chase mobile app looks pretty good, especially when it scans checks for depositing etc etc. but i'm hesitant about the security(or lack of it). as it is, i don't do much in the way of accessing my account online anyway, but am especially wary about performing any MOBILE transactions.

    am i overly cautious? is mobile banking more or less secure than online banking from my desktop?
     

    Advertisement

  2. pool_shark

    pool_shark Android Expert
    Rank:
     #61
    Points:
    343
    Posts:
    2,524
    Joined:
    Aug 21, 2010

    Aug 21, 2010
    2,524
    596
    343
    Male
    Infrastructure Engineer
    Ohio
    I've been transferring funds between accounts and paying bills from my phone for years.
     
  3. sitlet

    Rank:
    None
    Points:
    213
    Posts:
    5,862
    Joined:
    Apr 11, 2010

    Apr 11, 2010
    5,862
    633
    213
    If you are worried, then dont use it. Personally, I think its fine. Its no different than accessing your bank account through a computer. If someone wants to see what you are doing or hack into your account, they will find a way to do it no matter if you are on a desktop or mobile.
     
  4. Yeahha

    Yeahha Usually off topic
    Rank:
    None
    Points:
    913
    Posts:
    10,474
    Joined:
    Jul 29, 2010

    Jul 29, 2010
    10,474
    4,694
    913
    ...
    FG
    I feel safe using the Bank of America app on my phone. I would not feel safe using a third party app to access my account info. I know there are some programs that allow you to access your account info but are not created/endorsed by the bank in question. If the Chase bank app is actaully from Chase bank it should be safe. If you want to verify it is from the bank you can call them to verify.

    Also use common sense about accessing info, I have heard of people accessing info on a public wifi source and having the info stolen, so if you are going to access it make sure your connection is secure, if you think are worried about your 3g signal being insecure you may want to think of changing carriers.
     
  5. lennyjew

    lennyjew Android Enthusiast
    Rank:
    None
    Points:
    43
    Posts:
    369
    Joined:
    Mar 22, 2010

    Mar 22, 2010
    369
    38
    43
    Calibration Technician
    Dublin, Ohio
    For the Chase App I can say it never stores your password. It runs through a secure log in and dumps it. First time use, you have to get a code sent to you to verify the device just as you have to with using a computer with a different IP address than your account is used to seeing.

    The check scaner works nicely on everything but my checks from work since they just print it out on normal paper. That works out fine since I have direct deposit for everything besides trip reimbursement. It just has you take a picture of the front and back that it deletes after the images are submitted so again nothing is saved on your phone.

    Any time you exit out or let the screen time out it seems to do an auto log off. So it's pretty safe in my opinion. It's been working for me since they came out with the app, no issues yet.
     
  6. Rootmepls

    Rootmepls Android Enthusiast
    Rank:
    None
    Points:
    43
    Posts:
    264
    Joined:
    Jan 22, 2011

    Jan 22, 2011
    264
    29
    43
    NorCal
    Thats an official Chase app and I've used it for a little over a year. First on iPhone now on Android. I only use it mainly to check balances and don't see any issues using it over the phone own network. Wouldn't use anything like that over public wifi but I'm overly cautious. In fact I'm almost sure its a secure connection no matter what with that app.

    Heres a little something I dug up on it.

    "Chase charges no fees to use mobile banking, but standard text message and data rates may apply from a customer
     
  7. takeshi

    takeshi Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    3,350
    Joined:
    Dec 6, 2009

    Dec 6, 2009
    3,350
    283
    163
    No worries here. I'm using USAA's app which also allows for mobile check deposits.
     
  8. miltk

    miltk Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    36
    Posts:
    125
    Joined:
    Nov 26, 2009

    Nov 26, 2009
    125
    5
    36
    thx....good to know. i also emailed a tech friend at oracle and he's fine with it. i trust him implicitly

    thx all
     
  9. barqers

    barqers Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    753
    Joined:
    Nov 5, 2010

    Nov 5, 2010
    753
    72
    78
    Yeah I was just about to say they make the line encrypted too. So you don't have to worry about it unless their algorithm gets cracked.

    I'm using TDs mobile banking and it works like a charm.
     
  10. dylo22

    dylo22 Android Enthusiast
    Rank:
    None
    Points:
    93
    Posts:
    743
    Joined:
    Apr 19, 2010

    Apr 19, 2010
    743
    119
    93
    Without a doubt mobile banking is less secure than desktop banking. There aren't nearly as many security features in the mobile environment compare to your computer. Not to mention there are protocols/technology that only exist for mobile that could be exploited and taken advantage off.

    The problem with mobile banking is not about making a secure connection, because they all do that. The real problem is malware being installed on your device and stealing your information before you even make the connection. And android is especially susceptible to this because there aren't any policing or approval process to go through for apps. So essentially anybody including hackers can post an app that have malicious code in them.

    There are also other issues like how username and password are stored by apps, lack of Anti virus software, and unsecured protocols like sms that are vulnerable to attack. I'm not saying mobile banking is extremely dangerous, but I would be very cautious.

    Here are two good reads if you're interested
    Banks Rush to Fix Security Flaws in Wireless Apps - WSJ.com
    Mobile banking apps may be vulnerable: Testing and results | TechRepublic
     
  11. bberryhill0

    bberryhill0 Android Expert
    Rank:
    None
    Points:
    273
    Posts:
    2,716
    Joined:
    Jan 27, 2010

    ^^ Has anyone ever seen a virus on a phone?!? Paranoia will destroy ya.
     
  12. Tempusfugit

    Tempusfugit Android Enthusiast
    Rank:
    None
    Points:
    78
    Posts:
    588
    Joined:
    Dec 11, 2010

    Dec 11, 2010
    588
    74
    78
    Without a doubt you are wrong. You are way more likely to get a keylogger running windows than you are on your android. Apps are scanned for malicious code before they are allowed to be posted on the market, AND tell you what permissions they have, and give you information on the publisher. If you aren't familiar with the publisher and they don't have 250,000 downloads with good comments, and you give it permissions to send your bank information, you deserve it. Luckily even in this case, you're still protected.

    That's because there are no viruses....
     
  13. dylo22

    dylo22 Android Enthusiast
    Rank:
    None
    Points:
    93
    Posts:
    743
    Joined:
    Apr 19, 2010

    Apr 19, 2010
    743
    119
    93
    Just because you haven't seen any, doesn't mean they don't exist.
     
  14. AngryHatter

    AngryHatter Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    973
    Joined:
    Jan 21, 2011

    Jan 21, 2011
    973
    92
    78
    QA Admin
    SoCal
    And when you hand a clerk a check?
    Or use an ATM?
    All transaction are online whether it appears that way or not.
     
  15. barqers

    barqers Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    753
    Joined:
    Nov 5, 2010

    Nov 5, 2010
    753
    72
    78
    Agreed. Not to mention those threads are old. All the issues they're talking about have been dealt with.

    Viruses on linux are hard to develop because ultimately the user has to grant the app permission. If you grant an app permission you better understand what you're doing first.
     
  16. dylo22

    dylo22 Android Enthusiast
    Rank:
    None
    Points:
    93
    Posts:
    743
    Joined:
    Apr 19, 2010

    Apr 19, 2010
    743
    119
    93
    Did you even read the articles?? Yes, you're more LIKELY to get infected with malware/viruses for a standard computer because there are not as many of them for mobile...YET. But this is all changing with more and more people using phones and tablets as their source of computing. Malware/viruses are only going to increase (exponentially) within the next few years. The question is do you want to take the risk with your money? It only takes one malware to steal your information.

    About 1% Of Google Android Apps Bad -- InformationWeek

    A minimal automated scan is not what I call completely safe to use applications. Yes, a publisher's reputations and comments will give clues to how trustworthy an app is, but let's be honest, not all of us review publishers credentials and app permissions. We see a cool app, we install to try it out. And that doesn't even include applications that are off the market. Besides, malware doesn't only come from apps. It can also come from website, emails, sms etc...

    Again...did you read the articles???? Here's another good one.

    http://www.wired.com/gadgetlab/2010/12/android-malware/

    Don't get me wrong, I'm not trying to scare people to not use their mobile device for banking or other transactions. All I'm trying to say is mobile security is still in its infancy and to think that it is as safe as desktop computing is naive.
     
    Rubixious likes this.
  17. Tre Lawrence

    Tre Lawrence Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,523
    Joined:
    May 24, 2010

    May 24, 2010
    1,523
    259
    163

    Ditto.
     
  18. barqers

    barqers Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    753
    Joined:
    Nov 5, 2010

    Nov 5, 2010
    753
    72
    78
    In any case. I guess I'll think twice about my mobile banking.
     
  19. Rubixious

    Rubixious Newbie
    Rank:
    None
    Points:
    15
    Posts:
    15
    Joined:
    Feb 4, 2011

    Feb 4, 2011
    15
    0
    15
    dylo22 raises some quite valid points.
    Regardless of what you're doing now or have always done, and the whole idea of Linux forcing people to acknowledge accesses... if someone is interested in getting your details, unless the app is CREATED AND MANAGED by the bank you're using it for, I would be highly suspicious.

    Can someone tell me why this wouldn't work?

    Create app 1: Allows you to log into your bank site. Saves login credentials to SD card as <info.txt>. App says "[​IMG] Network Communication full internet access; [​IMG] Storage modify/delete SD card contents " - first is obvious, second dev says this is so you can save it to SD card as all apps are doing these days.

    Create app 2: 'Angry Birds on Crack' online game. Also says "Network Communication; Storage". What it does is appends 'highscores' to a file called <info.txt> and sends this to the server so your high score can be 'compared to your friends' ... except it's sending me your banking credentials.

    Obviously I need you to have both apps - but that's just about marketing and time - I only need one or two people to get $2,000 return on my investment... obviously ignoring all issues that might occur with your bank trying to find me :p
     
  20. Epicurean

    Epicurean Android Enthusiast
    Rank:
    None
    Points:
    53
    Posts:
    438
    Joined:
    Sep 1, 2010

    Sep 1, 2010
    438
    54
    53
    Programmer
    Maryland
    Well, that's why I only use an app from my bank.
     
  21. Tempusfugit

    Tempusfugit Android Enthusiast
    Rank:
    None
    Points:
    78
    Posts:
    588
    Joined:
    Dec 11, 2010

    Dec 11, 2010
    588
    74
    78
    No, android phones can't get a virus from a website or emails or sms. Also the link you provided has no evidence of viruses, most apps that get taken off the market are for adult content or copyright. No app has been taken off because it was a virus to my knowledge.


    Wow a 3rd party chinese app market and there's a virus? *hides under bed

    Because nobody is stupid enough(I hope) to download an app that logs into their bank that isn't from their bank.
     
  22. dylo22

    dylo22 Android Enthusiast
    Rank:
    None
    Points:
    93
    Posts:
    743
    Joined:
    Apr 19, 2010

    Apr 19, 2010
    743
    119
    93
    You can't get malware from going to a website or just getting an email, but you can get it from clicking on links, pictures, ads etc that are in those mediums. It's call phishing.

    Malware Sneaks Into Android Market | Gadget Lab | Wired.com
    http://www.************.com/spyware-and-malware-android-apps-in-the-android-market/

    I'm not sure what your point is in all this. Are you saying Android is impenetrable, and we should all throw caution to the wind? I already posted several articles where security experts are saying malware threats are the rise (especially on android) and mobile security is a concern. I think it's only logical to heed those warnings and take precaution.

    Mobile Security: A Crisis Waiting to Happen | Blogs | ITBusinessEdge.com
    Experts Agree: No Easy Fix For Mobile Security | threatpost
     
  23. Tempusfugit

    Tempusfugit Android Enthusiast
    Rank:
    None
    Points:
    78
    Posts:
    588
    Joined:
    Dec 11, 2010

    Dec 11, 2010
    588
    74
    78
    That's not malware, that's phishing... and like everyone else has said, use your BANK'S MOBILE BANKING APP... NOT some shit with <50 downloads from droid09. Nothing can install itself and run on your phone unless you give it permission, this isn't windows.

    This isn't about mobile security anymore... Its about natural selection. If you download random apps to log in to your bank, the cell phone community doesn't need your kind... stop ruining it for everyone else.


    From your own link

    While malware targeting mobile devices is still a relatively minor concern.


    I'm not really sure what YOUR point is... I don't care enough to google one of the thousands of cases of desktop computer banking being hacked, phished, keylogged, or otherwise compromised. All you give me is half-ass phishing schemes with tiny banks that didn't go anywhere.
     
  24. AngryHatter

    AngryHatter Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    973
    Joined:
    Jan 21, 2011

    Jan 21, 2011
    973
    92
    78
    QA Admin
    SoCal
    Wait, they'll be touting some AV app in a minute...
    ;)
     
    Tempusfugit likes this.
  25. dylo22

    dylo22 Android Enthusiast
    Rank:
    None
    Points:
    93
    Posts:
    743
    Joined:
    Apr 19, 2010

    Apr 19, 2010
    743
    119
    93
    This is going to be my last post in this thread. It's pointless arguing over this. You either see it as a risk or you don't. People can decide for themselves. I'll respond to some of your points and I'll just leave it at that.

    Phishing is the method to get people to download malicious software. They spoof as innocuous website/apps/links, so that you'll click or download.

    Fake Angry Birds App Exposes Android Vulnerability -- Android Security -- InformationWeek

    "Android typically requires that a user give explicit permission for an application to access a particular service on the phone, or to install any additional applications. This attack bypasses that security control, allowing an attacker to use one installed application to download and grant complete access rights to additional applications."

    The Official Lookout Blog | Three New Android Vulnerabilities Released

    "Lastly, at Blackhat Abu Dhabi, a security researcher with MWR InfoSecurity, Nils, will disclose another vulnerability that can also be used to install applications on vulnerable devices without user intervention. While the vulnerability discussed above requires a user to install a vulnerable app, the vulnerability that Nils will present is reported to only requires a user to visit a malicious website. While details are not yet public, this vulnerability likely only affects HTC devices."

    Permissions to install isn't fail safe. We shouldn't rely only on one level of security.

    It's true, if you were vigilant enough and only install trusted applications and only go to trusted sites, we'll be fine. The same can be said for desktop. If we download from trusted source and surf only on trusted sites, we'll be okay. So why do people insist we need Anitvirus software for your desktop?? Could it be because despite our best efforts, we can still be tricked into downloading or clicking on something that appears innocent but is in fact malicious? Hackers aren't stupid you know. They don't create things with skull and crossbones on them. They create thing that appears 98-99% legit and prey on the fact people are paying enough attention to notice the 1%. Hence, that's why all our computers have AV of them. So that when we're not paying full attention, we're still somewhat protected.

    Unfortunately, that's not the case with mobile. AV is an after thought and are deemed unnecessary. Even with the few solutions available, we don't even know how effective they are.

    In my mind, if android continues to grow and become a dominant platform, we'll probably go through what we went through in late 80s and early 90s with computers where viruses are common, but antivirus protection was rare and its effectiveness often difficult to judge.

    My point is mobile security still has a way to go. In its current form, it is less secure than what is on a desktop. There are still many unknowns and not enough mechanism in place to protect our data. In my opinion, mobile banking right now is not worth the risk. I'll wait until Android matures more before diving into it.
     

Share This Page

Loading...