03-13-16 05:35 AM
69 123
tools
  1. sorinv's Avatar
    You do realize that phishing attacks are far more prevalent on websites, right? If you don't want to use apps because of phishing concern, then why use websites?

    Phishing is generally more difficult on apps, but users can help by not installing software from dodgy sites. The banks can also implement features that mitigate this risk quite a bit. Again, we have more options available to us in apps than websites.
    An app that has access to your files, device ID, camera and location is a much higher security risk than a browser which has access to none of this.

    You are expecting that every nontechnical user has a security agency behind him or her and does a security check on every single app developer whose app he or she uses.
    Unrealistic expectations.
    The security experts I hear often disagree with you. They l say that phones are less secure than computers and IoT will be an even bigger security nightmare.
    But everyone is entitled to their opinion.
    03-10-16 10:07 AM
  2. sorinv's Avatar
    "NICK FITZGERALD: Probably the most important thing is to not disable the built-in security control that by default Android devices don't let you install apps from third party app stores. They only let you install apps from the Google Play store. And this malware can't normally get on your phone unless you have disabled that."
    They are talking about millions of accounts at Australia's biggest bank.
    This is not some fishing operation where all those millions of users decided to download apps from illegal websites.
    This is a banking app problem. They said as much on TV, more details than in the link.
    03-10-16 10:11 AM
  3. app_Developer's Avatar
    An app that has access to your files, device ID, camera and location is a much higher security risk than a browser which has access to none of this.
    So on iOS and Android, we actually don't have access to files or an indentifiable deviceID. If you're uncomfortable

    You are expecting that every nontechnical user has a security agency behind him or her and does a security check on every single app developer whose app he or she uses.
    Unrealistic expectations.
    The security experts I hear often disagree with you. They l say that phones are less secure than computers and IoT will be an even bigger security nightmare.
    But everyone is entitled to their opinion.
    Again, this is not a phone vs. computer thing, this is a browser vs app thing. Of course phones face more risks than computers overall, which is why we prefer native apps vs websites since native apps give us more options to protect ourselves and our customers.

    If you're suggesting that people should not bank on their phones, then that's a different argument all together. Most of us need to bank on our phones for the same reasons we do many other things on our phones. We don't want to or can't wait until we get home to do it.
    03-10-16 10:19 AM
  4. app_Developer's Avatar
    They are talking about millions of accounts at Australia's biggest bank.
    This is not some fishing operation where all those millions of users decided to download apps from illegal websites.
    This is a banking app problem. They said as much on TV, more details than in the link.

    You misunderstood the attack/threat. It's potentially dangerous for millions of users, but only if the user has the malware on his/her phone and also enters his/her own credentials into the phishing page.
    03-10-16 10:21 AM
  5. sorinv's Avatar
    So on iOS and Android, we actually don't have access to files or an indentifiable deviceID. If you're uncomfortable



    Again, this is not a phone vs. computer thing, this is a browser vs app thing. Of course phones face more risks than computers overall, which is why we prefer native apps vs websites since native apps give us more options to protect ourselves and our customers.

    If you're suggesting that people should not bank on their phones, then that's a different argument all together. Most of us need to bank on our phones for the same reasons we do many other things on our phones. We don't want to or can't wait until we get home to do it.
    Yes, if I deal with my investment accounts where my life savings are, I can make the extra effort to avoid using the phone.
    So, if I want to bank from my computer, not from my phone, for enhanced security, you should give me the feature in the website, as you do now with all other features, much more critical than depositing a cheque.
    03-10-16 10:43 AM
  6. sorinv's Avatar
    You misunderstood the attack/threat. It's potentially dangerous for millions of users, but only if the user has the malware on his/her phone and also enters his/her own credentials into the phishing page.
    The phising part is neither in the TV announcement nor in the link I provided...
    What they mentioned on the air was the bank app being corrupted.
    A different kettle of fish.
    Of course they don't know exactly how many accounts have been affected, that is why they use "potentially" millions. But this is specific to an android app for only one Australian bank.
    If it were some phishing scheme, they would not target just users of a particular bank app.

    And here's another link that confirms indirectly that they can do whatever with the camera and microphone on you device, even on an iphone.

    http://www.theguardian.com/technolog...as-microphones
    03-10-16 10:51 AM
  7. app_Developer's Avatar
    The phising part is neither in the TV announcement nor in the link I provided...
    What they mentioned on the air was the bank app being corrupted.
    A different kettle of fish.
    Of course they don't know exactly how many accounts have been affected, that is why they use "potentially" millions. But this is specific to an android app for only one Australian bank.
    If it were some phishing scheme, they would not target just users of a particular bank app.

    And here's another link that confirms indirectly that they can do whatever with the camera and microphone on you device, even on an iphone.

    FBI could force us to turn on iPhone cameras and microphones, says Apple | Technology | The Guardian
    You really should read the articles you are posting.

    First from your first link and I quote:

    The virus presents a fake version of the login screen when an Android user accesses their legitimate banking application.
    This is phishing. What do you think phishing is??

    And you should also read the second article you posted carefully. In the article Cue is saying that IF Apple complies with the govt request, then this would become a major security vulnerability (according to Apple).

    Again, if you don't want your bank app to have access to your camera, you can turn off access to the camera. On iOS you can even grant access to the camera just for a check deposit and then turn it off again immediately afterwards if you like.
    03-10-16 10:59 AM
  8. app_Developer's Avatar
    Yes, if I deal with my investment accounts where my life savings are, I can make the extra effort to avoid using the phone.
    So, if I want to bank from my computer, not from my phone, for enhanced security, you should give me the feature in the website, as you do now with all other features, much more critical than depositing a cheque.

    So let's go back and understand this again. We do not make a native application for the PC. Most banks don't.

    We can't make this feature in a web browser, because we can't make it safe within the browser. No major bank has been able to do this. This is not because PCs aren't powerful, it's because web browsers severely limit what we can do. Does that make sense?

    Again, this is not a PC issue. This is a web browser issue. We could do what you want, but only if we made a native app. And even then, it wouldn't help you since you use Linux anyway.
    03-10-16 11:02 AM
  9. sorinv's Avatar
    Again you are looking at the bank's interest, not the users'.
    There is nothing unsafe about me loading a picture of a cheque through the browser to the bank.
    Maybe the bank cannot verify the validity of the cheque, although I doubt it. Even know if I go in person with a foreign cheque they take a week or two to validate it. The worst that can happen is that they will cancel the cheque a few days later when the see that it is a fake, and charge the user a fee for the invalid cheque.

    It is much riskier, both for the bank and for me,when I move 5000 dollars or more from one account to another while using the Web page, Yet I am allowed to transfer very large amounts of money through the website and the bank considers that safe.

    So, no, I don't buy that you cannot write a piece of code (Whoever mention apps? Although an app is a program and a piece of code by any other name) to embed in your webpage to allow the user to upload a picture of a cheque worth tens, hundreds, and even thousands of dollars.
    Last edited by sorinv; 03-10-16 at 07:17 PM.
    03-10-16 06:36 PM
  10. EchuOkan1's Avatar
    Yeap, banking apps and One Note only. No need for anything else on my Z30.

    Posted via the CrackBerry App for Android
    03-10-16 06:41 PM
  11. Ronindan's Avatar
    Again you are looking at the bank's interest, not the users'.
    There is nothing unsafe about me loading a picture of a cheque through the browser to the bank.
    Maybe the bank cannot verify the validity of the cheque, although I doubt it. Even know if I go in person with a foreign cheque they take a week or two to validate it. The worst that can happen is that they will cancel the cheque a few days later when the see that it is a fake, and charge the user a fee for the invalid cheque.

    It is much riskier, both for the bank and for me,when I move 5000 dollars or more from one account to another while using the Web page, Yet I am allowed to transfer very large amounts of money through the website and the bank considers that safe.

    So, no, I don't buy that you cannot write a piece of code (Whoever mention apps? Although an app is a program and a piece of code by any other name) to embed in your webpage to allow the user to upload a picture of a cheque worth tens, hundreds, and even thousands of dollars.
    So can you write that piece of code instead of telling other people to do it? I am assuming that you can code.
    03-10-16 07:27 PM
  12. sorinv's Avatar
    You really should read the articles you are posting.

    First from your first link and I quote:



    This is phishing. What do you think phishing is??

    Again, you can call it by whatever name. This news is about one bank only and only that bank's android app, and potentially millions of users.
    If it was phishing, it would have applied to other android banking apps and other banks and their users.


    And you should also read the second article you posted carefully. In the article Cue is saying that IF Apple complies with the govt request, then this would become a major security vulnerability (according to Apple).
    I do read carefully and also between the lines. "If it complies" means that it is doable now. Like any backdoor, it can be exploited by Apple, the government, NSA, a rogue NSA employee like Snowden, and very likely by the Russian secret service, the Chinese secret service, and by some smart hackers, as in the Australian bank (un-named) case.

    Again, if you don't want your bank app to have access to your camera, you can turn off access to the camera. On iOS you can even grant access to the camera just for a check deposit and then turn it off again immediately afterwards if you like.
    We are in agreement, I only use apps that give me control over everything.
    That is not the case with android apps before marshmallows.

    It seems that there has been a change of focus towards privacy since Tim Cook took the helm at Apple.
    It is interesting and revealing to see the desperate reaction of the FBI and of other security and surveillance agencies (like GCHQ) who are seeing their toys being taken away from them. Apps are a big part of the infrastructure they rely on. They love them for their security holes.

    Here are the most recent reactions from DOJ and Apple. I am looking forward to learning which part I missed in my reading of the text.
    http://www.bbc.com/news/election-us-2016-35781044
    Last edited by sorinv; 03-10-16 at 10:53 PM.
    03-10-16 07:31 PM
  13. Gus's Avatar
    I don't use Google play, all the apps I need are available on BlackBerry World. I don't even use the amazon apps store, I have and iPad for that.

    Posted via CB10
    03-10-16 07:33 PM
  14. sorinv's Avatar
    So can you write that piece of code instead of telling other people to do it? I am assuming that you can code.
    I guess you ran out of arguments...
    Last edited by sorinv; 03-11-16 at 05:28 AM.
    03-10-16 10:54 PM
  15. Houshinto's Avatar
    I use cobalts solution for the play store on my z30 and it works like a charm. All my apps i have and I couldn't be happier.

    Posted via CB10
    03-10-16 11:49 PM
  16. Jazuyo's Avatar
    I use cobalts solution for the play store on my z30 and it works like a charm. All my apps i have and I couldn't be happier.

    Posted via CB10
    Do you have it patched to where the google play service reminder alert won't pop up on your hub?
    03-11-16 04:50 AM
  17. ALToronto's Avatar
    I have avoided patching, but the unpatched apps I use work fine:

    MS Office
    OneNote
    Starbucks
    Second Cup

    Haven't had a need for anything else, although I might load an Android version of TD Bank's app so I can photo deposit cheques. For everything else, I use mobile websites.

    Posted via CB10 from my awesome Passport
    03-11-16 07:10 AM
  18. SomeoneOrOther's Avatar
    HTML 5 will one day mature, we'll have improved mobile websites, and a number of apps will no longer be necessary. So the "app gap" dilemma BB faces will become less significant, assuming BB is still making phones at that time.
    03-12-16 10:57 PM
  19. Jazuyo's Avatar
    HTML 5 will one day mature, we'll have improved mobile websites, and a number of apps will no longer be necessary. So the "app gap" dilemma BB faces will become less significant, assuming BB is still making phones at that time.
    I was thinking of the same thing. With HTML5 taking over I can see all the APK files and other platform files all morphing into HTML5 to the point where any OS can get any html5 app store. Half of the apps I can do or get is html5 anyway.
    03-13-16 05:35 AM
69 123

Similar Threads

  1. Q10 users, do you miss the toolbelt?
    By loveallnight in forum BlackBerry Q10
    Replies: 42
    Last Post: 03-23-16, 01:05 PM
  2. I Will Use My Passport SE Until it Dies!
    By Insync in forum BlackBerry Passport
    Replies: 55
    Last Post: 03-23-16, 08:29 AM
  3. SECOND Passport with screen lift issue... WTH BB?
    By mihnead in forum BlackBerry Passport
    Replies: 19
    Last Post: 03-13-16, 06:42 PM
  4. Replies: 3
    Last Post: 03-06-16, 04:52 PM
  5. Priv Launcher vs BB Launcher
    By mis3 in forum BlackBerry Priv
    Replies: 3
    Last Post: 03-06-16, 10:33 AM
LINK TO POST COPIED TO CLIPBOARD