Transfer Bank Apps to a new phone - UPDATE

[john terry1001]

I was given some useful info recently when I asked the question but some things didn't go exactly to plan so I thought I'd give an update that may (or may not) help somebody in the future.

Firstly, I've had a HUWAEI (P9) for about four years and have been pleased with it, but the battery is faulty so I decided it was time for an upgrade. As HUAWEI is no longer supported by Google (and Lloyds tell me my UK Lloyds account needs a valid app that's downloaded from playstore) I decided to go for a ONE PLUS 8.

 

First problem came when I ended up buying the phone via Lazada so couldn't get all the data transferred by them. First, I tried highly recommended 'smart switch' but couldn't get the phones to connect. Second option was 'copy my data', with the same failure. Next was a trip to my local HUAWEI shop, who installed their own 'HiSuite' app. Another failure, and, at that they simply said "no can do", and suggested the phones weren't compatible. All these attempts were over wifi so next I bought a 'C' plug data cable to try that option. On the third attempt, success........to a point. My phone book was copied, photos were transferred, BUT removed from the Huawei phone at the same time and sms messages just refused to transfer, as did my documents. Some apps transferred and, like the photos, were removed from the phone but others stayed where they were and were totally ignored. But, not so bad, I can re-install apps.

 

All banking/finance related apps stayed in the old phone so the next step was to re-install those apps.  There were five Thai apps, four bank (Krung Thai, Kasikorn, Thanachart and Bangkok) plus MY AIS  app (which I use to pay different bills on line). As Crossy had said in the previous thread, just re-install your details into the new app, and it worked for all apart from Bangkok bank. It wouldn't accept the info and I ended up at the local branch where, on their fifth attempt, they kindly did it for me. This also involved further level of security as well.

I also had four UK apps to re-install. All were fairly straight forward. Transferwise, an FX account and HMRC were all straightforward, with Lloyds Bank just needing an extra level of security. No problems.

 

Most bank related apps on my old phone became 'inactive' as soon as the apps on my new phone became active

 

BUT........

 

With both Bangkok bank in Thailand and Lloyds bank in the UK, THEIR APPS STILL REMAIN ACTIVE ON BOTH PHONES !!!!!!!! 

 

It's noticeable that both banks that required extra security to transfer the apps appear to have such a basic flaw in their system, especially when a lot of people might just discard the phone to an unknown person. 

 

[RichCor]

3 hours ago, john terry1001 said:

BUT........

 

With both Bangkok bank in Thailand and Lloyds bank in the UK, THEIR APPS STILL REMAIN ACTIVE ON BOTH PHONES !!!!!!!! 

 

It's noticeable that both banks that required extra security to transfer the apps appear to have such a basic flaw in their system, especially when a lot of people might just discard the phone to an unknown person. 

...which is why it's suggested you ERASE/RESET the old phone once all the apps and data have been transferred, and verify everything is gone by setting the phone up again (with a dummy account).

 

The fact that the apps still function on the old phone even after being copied or freshly reinstalled isn't considered problematic as many people may own several devices and like the apps installed on several. The issue here is that you expect the one-time authenticated app to not work if the data contents (including the one-time security token) is copied to a new phone. Unless the app constantly authenticates the device hardware on launch it won't detect it's a copy. Some banking apps verify original installed environment while others don't, or do so using other non-instant means (but the 'copy' flaw may not have been fully thought through by everyone).   

 

[scammed]

i used clone phone app

[torturedsole]

But surely if you accidentally gave your phone away with the banking apps still loaded then it's not a simple case of auto-login.  There are additional security steps.  I'm not seeing the flaw, to be honest.  

[mtls2005]

I got a new phone a few weeks ago. (Old: Xiaomi Mi A2; New: Samsung A51) Android allows one to pretty much copy data, and replicate apps, automagically. I think it uses NFC and/or Bluetooth. Obviously you have to use the same gmail to initiate the new phone.

 

Worked fine for me.

 

I did have to re-log-in to BBL, SCB, Chase, et al. BBL app requires a PIN, SCB a fingerprint or PIN as do most finapps.

 

I backed up all data on the old phone via USB to an NAS/archive, then did a few factory resets on the old phone.

 

 

[john terry1001]

9 hours ago, RichCor said:

...which is why it's suggested you ERASE/RESET the old phone once all the apps and data have been transferred, and verify everything is gone by setting the phone up again (with a dummy account).

Of course you should always do an erase/reset and that's fine for those of us that understand what needs to be done, but not everybody is capable of doing that. How many people buy a new phone and take up the offer of the shop doing the transfer and assume the (important) data has been removed from the old phone. Using the word 'transfer' suggests to many that the data is removed from the old phone and 'transferred' to the new one. When my wife and daughter bought new phones at 'Banana' the shop did all the transfers for them. 

 

9 hours ago, RichCor said:

Unless the app constantly authenticates the device hardware on launch it won't detect it's a copy. Some banking apps verify original installed environment while others don't, or do so using other non-instant means (but the 'copy' flaw may not have been fully thought through by everyone). 

And, with these two banking apps, that is my point.

 

Lloyds Bank authenticates the device every single time you log on. The very first message you get at log in is 'authenticating your device'. Because new Huawei's no longer has access to google and can only download a cloned version I made a point of phoning Lloyds for clarity. They actually told me that, at log in, they 'interrogate your phone' to confirm it's genuine. Using a cloned app would simply be rejected. That level of security might suggest to some of the 'less technical' that the app is always secure.

 

Also, with countless pins/ID's we have these days, how many of us auto save them to our devices? With Bangkok Bank, it is more complex to transfer to app to a new phone. To start, you need to go to a bank branch or ATM and generate a new ID number, then reset your password and pin number, which seems good. At the banks help, it all went quite well, but they set a new password as '1234' and it auto saved. I reset my password after we'd finished but, after spending over an hour there, how many (less technical people) would think to change theirs. How many are walking round with a '1234' password. And after changing all of that info, all it actually did was update the current information held on their system, my fingerprint still opened the app on BOTH phones. Not very secure at all!!! 

 

All other apps auto deleted/rejected access to the old phone's app as soon as I accessed the app on the new phone.