
Mobile banking app asks for permission to scan all files - rmtech
Mobile apps are increasingly asking for permissions they don&#x27;t really need, presumably because most users grant these permissions without really thinking about it.<p>The latest installment of this is my bank&#x27;s new mobile app asking for permission to read&#x2F;write to all files on the device - allegedly just to &quot;scan for malware&quot;.<p>If you refuse permission, the banking app just refuses to work. You cannot check a box saying that you&#x27;ll accept liability if there is malware on your device that results in loss.<p>I feel that this behavior makes a mockery of the notion of giving &quot;permission&quot;. Apps have far too much bargaining power - the app effectively holds a gun to your head and demands to see all your files. What does it do with them? Does it use the results to gain insight into your potential creditworthiness? Does it sell some kind of fingerprint of your device files as an extra income stream? I have no way of knowing.<p>This kind of thing is becoming more common and I wish Apple and Google would crack down on it - ban apps that won&#x27;t work unless the user gives certain permissions. Alternatively I&#x27;d like to see &quot;fake&quot; permissions that give an app access to a fake filesystem or to a fake camera&#x2F;microphone.
======
WaitWaitWha
This problem is even bigger in some countries.

Without a specific app on a mobile phone, doctors will not take appointments,
pharmacy will not dispense medication, social services will not provide
services.

A problem with the presumptions that

1) I have a device that is internet connected,

2) I have a device that is compatible with the apps,

3) I will grant excessive rights for the apps on the device.

~~~
2rsf
In Sweden you can theoretically work around it using your ID card to identify
yourself online [1], but many places don't support it or don't even try to.

Mobilt BankID is very popular app, technically it has a desktop companion that
again is not widely supported or known [2].

[1]
[https://www.skatteverket.se/servicelankar/otherlanguages/ine...](https://www.skatteverket.se/servicelankar/otherlanguages/inenglish/individualsandemployees/livinginsweden/idcard/electronicidentificationwiththeidcard.4.3810a01c150939e893f1dab6.html)

[2] [https://support.bankid.com/sv/bestalla-bankid/bestalla-
banki...](https://support.bankid.com/sv/bestalla-bankid/bestalla-bankid)

------
dyingkneepad
Can't you just use the mobile browser to log in the bank web page?

I know it is not always possible, especially if you're in certain countries.
Sometimes I think about having an extra phone that I never take outside home
that just has these apps...

~~~
rmtech
You can, but their banking logon is really, really inconvenient and requires
to to have a hardware token and enter 4 different long numbers/passwords and
it logs you off automatically after 3 minutes of inactivity. The app means you
can actually get banking done without a half-hour logon process.

