Jump to content

Do You Trust The Security Of Your Andriod Smart Phone?


Recommended Posts

Posted

Download our banking app.
"Safe and Convenient?  Just download at Google Play."
???? Ok  <Goes to Google Play and installs my bank's application.>  They only need access to most of my phones functionality:  Camera, mic, contacts, location, etc etc etc.

Then you login by just clicking their icon.  Perhaps the first time you need a user-id/password.  Might even need 2-factor authentication (going to the phone you're holding).  After that?  Bob's Your Uncle.  Just click the icon and your in! 

I don't see how Android is either safe or secure.  Possibly convenient (or not).  What do you think?
 

  • Like 1
Posted
2 minutes ago, connda said:

I don't see how Android is either safe or secure.  Possibly convenient (or not).  What do you think?

I think you need to look at the security options more. None of my banking apps (none Thai) allow/are set to launch without another layer of security. If they could I'd uninstall.

 

Like anything, your phone is only secure as you make it.

  • Like 1
  • Haha 1
Posted

I have no apps on my phone for anything financial - for example Lazada - access via PC - pay on receipt and email for account. In this age of "big data" you can't escape them collecting and collating your data but to me it seems crazy putting everything on one device  in the name of security. So called two factor authentication on one device seems paradoxical to me - two device authetication is more secure ie access your account via a pc/notebook and get the OTP via your phone - surely it is less likely you will lose or have stolen both devices.

  • Like 2
Posted

No way. We dont have electronic banking at all - mobile or not. I had electronic banking in Switzerland. Very convenient. But not to have it here eliminates at least some part of possible fraud. And branches are open for most transactions even late in the evening or on holidays - which is convenient enough.

  • Like 2
Posted

yes & no ... yes, because absolutely nothing on there that is a security issue, with exception of BBL, which gets my USA Soc Sec DD.  It goes in one day, and out the next.  That app simply to see if arrived, and current balance, usually <5k baht.

 

no ... as don't know a Thai site yet that hasn't be hacked, or any site for that matter.  

 

Except for BBL, there isn't much on my phone.  I use it for camera, GPS and that's about it.  Only phone calls I get are delivery folks letting me know that are on the way.  Don't think I myself make 5 phone calls a month.

Posted

With many apps you have the choice if you want to enter your password manually, two factor authentication, fingerprint and other options.

It seems many users just want it simple and if they have to enter a password again, they are just annoyed.

I guess that is the reason why often by default all is set to be as comfortable as possible.

 

Normal users just don't care. Or maybe they care, but only after something happens. Why did nobody tell me? ...

 

  • Like 1
  • Thumbs Up 1
Posted
31 minutes ago, topt said:

Not the case with SCB app. You have to put in a 6 digit passcode, or possibly use another form of id., before you can get into anything to do with money.

Same with Bkk Bank, 6 digit PIN. And with all UK banks.

  • Thanks 1
Posted

 

just looking at the shocking design and clunky functionality of my thai banking web pages puts me off installing their app. if the front end is that bad, how likely is it the back end is any better/reliably secure?

Posted

Meanwhile.

 

Line Pay needs my fingerprint TWICE (and seemingly endless confirmations) to transfer 16 Baht to a work colleague to pay for the Coke she got me from the Seven. 

 

Posted (edited)
Quote

Do You Trust The Security Of Your Andriod Smart Phone?

of course no.

If you want to be safe you have to use a separate phone dedicated to banking apps. I.e. use one phone for your casual stuff like sexting, playing games or browsing internets and another phone for banking only, without installing ANYTHING on it except those banking apps.

And of course this phone must come from a reputable company and run a clean operating system without tons of preinstalled malware, e.g. an Apple iPhone or a Google Pixel, not a random chinese bullshít like xiaomi or oppo.

 

P.S. despite Samsung is somewhat reputable company I would not recommend it for banking because their phones do not come with a clean Android operating system but rather filled with a bloat-/mal-ware with unknown functions and features.

Edited by fdsa
  • Haha 2
Posted
1 hour ago, topt said:

Not the case with SCB app. You have to put in a 6 digit passcode, or possibly use another form of id., before you can get into anything to do with money.

Do you know how fast a 6 digit pass-code can be hacked?

That's my point.

 

Posted
57 minutes ago, moogradod said:

I am aware of all that but I am not a normal user but a security paranoid. I have been working for the IT-industry for decades.

Before I retired?  Me too.

Posted (edited)
3 hours ago, topt said:

Not the case with SCB app. You have to put in a 6 digit passcode, or possibly use another form of id., before you can get into anything to do with money.

Same for Bangkok Bank, SCB and Kasikorn.

And for effective transactions all use SMS OTP.

Not considered too safe in the west and abolished.

Insecure because of the careless procedures of telecom operators.

(easily sending out replacement SIMs to new address via hotline request e.g.)


Security of such apps is not limited/restricted by Android.

That Android is one of the most buggy operating systems is no secret.

That's what add-on security SW and regular updates are for.

Edited by KhunBENQ
  • Thanks 1
Posted
12 minutes ago, Negita43 said:

Just one question for the pro app lobby - where do you keep your passwords?

In a manually maintained password file/container encrypted with VeraCrypt stored locally only on three backups (VeraCrypt on PC, reading on phone with EDS lite). Master-password under the scull cap, 16 characters. Enough for a while.

Individual passwords are generated and no less than 14 characters.

I am likely not in the focus of the latest quantum computer by NSA and others.

So can sleep quite well.

  • Like 1
Posted
2 hours ago, connda said:

Do you know how fast a 6 digit pass-code can be hacked?

That's my point.

 

No it wasn't - your point that is.

I specifically replied to your point about clicking on an icon only with no other input to access.

 

Anyway good luck to a casual thief stealing my phone and being able to crack the 6 digits before I have disabled access.

 

 

  • Like 1
  • Thumbs Up 1
Posted
1 hour ago, Negita43 said:

Just one question for the pro app lobby - where do you keep your passwords?

Specifically for my phone banking app - in my head. 

Otherwise generally somewhat similarly to as @KhunBENQ stated.

 

PS - I am not pro app. Most of my banking is done online with a pc. I don't use apps for my home country banking and only started recently in Thailand for ease of paying utility bills as most, for me,  cannot be paid online.

  • Like 1
Posted
11 minutes ago, topt said:

Anyway good luck to a casual thief stealing my phone and being able to crack the 6 digits before I have disabled access.

Haven't tried but I assume that there is lock after x failed attempts.

My home country bank is very strict. After 3rd failed attempt I am out.

Need postal mail with new data.

 

  • Thumbs Up 1
Posted (edited)
10 minutes ago, topt said:

I am not pro app. Most of my banking is done online with a pc.

Given that there is no proper 2FA in Thailand, app seems safer than "online with a pc" because for the latter anybody can enter passwords in the internet from anywhere while to do the same with your app they would need to have your phone which is much more difficult.  Also, it is generally much easier now for somebody to hack into a PC than remotely access an up-to-date phone

Edited by K2938
Posted (edited)

One thing for sure: if your phone is hacked, planting a key(board)/screen logger you have a problem. This falls under the category of Android security. Worth using common sense when installing new stuff, doing scans with some security SW (I use Avira) and doing the updates.

Still for Thai banking there is the OTP hurdle over the cellular network.

Additionally banks send alerts via email.

Helps to find suspicious activity.

Edited by KhunBENQ
Posted
8 minutes ago, K2938 said:

Given that there is no proper 2FA in Thailand,

Please define "proper" - if I try and set up a new payee online with SCB I have to authenticate via OTP for which I need my phone?

 

 

Posted
4 hours ago, Negita43 said:

So called two factor authentication on one device seems paradoxical to me

Not really. The point of 2 factor authentication is proving who you are by something you know (your password) with something you have (your phone).

 

It doesn't matter that you're using the phone both as the thing you have and to input the thing you know; you've still proven both to be true. Which can't be achieved by 1 factor authentication.

  • Thumbs Up 1
Posted
16 minutes ago, topt said:

Please define "proper" - if I try and set up a new payee online with SCB I have to authenticate via OTP for which I need my phone?

OTP is a very very weak level of protection which is very easy to get around and has therefore generally been discarded because of this in many Western countries as mentioned above.  So "proper" in this means an actually well-working method of 2FA, not OTP

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...