Bank of Ireland Andriod App available to download today

Bank of Ireland: Linda

Hi dobsdave,

I am happy to hear that you like the app.

The user id is asked for the initial login, many banking apps operate in this way to allow easier access for customers. The additional security questions will always be asked for when logging onto the banking app.

Thanks
Linda

Ben D Bus

Just adding my name to the list of Android users who like the new app

witnessmenow

Bank of Ireland: Linda wrote: »

Hi witnessmenow,




Our mobile banking team were wondering if you could provide a bit more information regarding the issue to make sure it doesn't occur again. I understand if it is not possible to provide this information.

- Do you have any screen shots you could provide?
- Is it only the specified ad that this issue appeared?
- Was the issue with the text due to display resolution or is it poor quality of message?

Thank you to everyone that has brought any issues and positive comments to our attention.

Thanks
Linda

Hi Linda,

My phone is running ICS (4.0.3).

I only noticed it with that one ad. The rest of the app looked fine

The screens resolution is quite high (480 x 854 pixels) or at least at par with some bigger phones so i doubt its a resolution thing.

I will take a screen shot the next time i see it, but the ad only seems to happen after i make a transfer and I dont tend to do these often

Bank of Ireland: Linda

Hi witnessmenow,

Thank you very much, I will pass on the details. Hopefully you should have no other issues with the app.

Thanks
Linda

Javan

Bank of Ireland: Linda wrote: »

Hi dobsdave,

I am happy to hear that you like the app.

The user id is asked for the initial login, many banking apps operate in this way to allow easier access for customers. The additional security questions will always be asked for when logging onto the banking app.

Thanks
Linda

I have to say I uninstalled the app because of this issue. I'm not at all comfortable with the idea of data about the account being stored on the phone.

Can you tell us what other data related to the account is stored locally? For example; access logs, transaction logs, local caches of data transmitted from the central servers, account numbers or nicknames?

I'm tempted to install this on a rooted device just to have a poke around in the local cache and see what secrets are hidden there.

Bank of Ireland: Linda

Hi Javan,

We fully appreciate that security is a top priority for all our customers, and we can assure you that we do not store any security information on the handsets. In addition, all data sent to and from the handset is protected - Please see below quoted from our website:

Bank of Ireland Mobile Banking uses 128-bit encryption to code all information as it's exchanged.

I hope this helps give you some peace of mind.

Thanks
Linda

Javan

Bank of Ireland: Linda wrote: »

Hi Javan,

We fully appreciate that security is a top priority for all our customers, and we can assure you that we do not store any security information on the handsets. In addition, all data sent to and from the handset is protected - Please see below quoted from our website:



I hope this helps give you some peace of mind.

Thanks
Linda

Thanks for the reply Linda, but that does not address the issue.

Encryption applied to data in transit only protects data in transit. It does not protect data as it rests on the device. That quote from your website does not say anything about the data stored on the device.

Also your assertion that you do not store any security information on the device rings hollow. It seems likely that the login number is stored on the device. That is one of the three pieces of information required to access the account, so it is 'security information'.

The alternative would be to take a unique identifier for the device (the IMEI) with the login on the first connection and then use that in all subsequent logins.
The permissions requested by the app do not include any unique identifiers like the IMEI, so this app is not doing that.

By that reasoning you do store security information on the device and there is no assurance that it is protected while it rests on the device (only as it is in transit to / from the server), so you have not addressed the concern at all.

Javan

Javan wrote: »

Also your assertion that you do not store any security information on the device rings hollow. It seems likely that the login number is stored on the device. That is one of the three pieces of information required to access the account, so it is 'security information'.

I've run some very simple tests that anyone can replicate to confirm that the login number is effectively stored on the device.
The steps are as follows:
- Download the app and log in to your BoI account.
- In the applications manager see that the application has some local data stored. (156K on my device).
- Open the app again and see that you are not prompted for the login number.
- Go back to the applications manager and clear the cached data for this app.
- Open the app again and see that you are prompted for the login number.

By this test is seems very clear that the login number is stored in the local cache, along with a considerable amount of other data as 156K is much more than is needed for a six-digit number.

Without knowing what other data is stored on the device and the technology used to protect this data I'd have to say that this app is considerably less secure than the website. Anyone using the app should consider a lost or stolen phone to be as big a risk to account security as a lost or stolen debit card.

Bank of Ireland: Pat

Hi Javan,

I appreciate your concerns. I'm sure you can understand that we can't discuss specifics regarding how we manage our security credentials, but I can assure you on your question regarding the login number that this is not stored on the handset.

As mentioned above, we appreciate that security is a top priority for our customers. We work with the industry leaders in security and constantly review our procedures to ensure they are in line with industry best practices.

I hope this helps clarify things.
Pat

Javan

Bank of Ireland: Pat wrote: »

Hi Javan,

I appreciate your concerns. I'm sure you can understand that we can't discuss specifics regarding how we manage our security credentials, but I can assure you on your question regarding the login number that this is not stored on the handset.

As mentioned above, we appreciate that security is a top priority for our customers. We work with the industry leaders in security and constantly review our procedures to ensure they are in line with industry best practices.

I hope this helps clarify things.
Pat

Thank you Pat.

I appreciate the response, though you are still not answering the questions. By the tests already outlined you are storing something functionally equivalent to the login number on the device, I don't think that can be disputed.

You are also storing other data on the device, as 156K is a lot more than is needed for login information.

I hope you are not relying on 'security through obscurity', because that will not work in the long term.

If I can ask one final question on this thread:
Is it the advice from the bank that a lost or stolen phone poses no risk to account security, and that customers with lost or stolen phones do not need to contact the bank?

Bank of Ireland: Pat

Hi Javan,

In most cases, if your phone were to be lost or stolen, there is no need to contact us in relation to it.

Since customers have been advised not to write down or store their 6 digit security PIN or the PINs for their debit/credit cards, there shouldn't be an issue.

However, if any customers have stored security or login information in their phones we would advise them to erase this information from the device. If a phone that contains security info is lost/stolen, we would advise them to change all relevant PINs immediately.

Thanks
Pat

cupthehand1

Hi Pat,
sorry to veer slight OT but do you know is there any app in development for Windows Phone Marketplace?

Bank of Ireland: Pat

Hi cupthehand1,

Thanks for your question. At the moment there are no plans to launch a dedicated Windows app.

We are however working on a touch browser which will be compatible with the Windows phone OS and Blackberry. We will post here if we have any further updates.

Thanks
Pat

ct5amr2ig1nfhp

Hi Pat,

Installed the BOI app today and it asked for root permission. I've uninstalled the app again for now.

Why is the BOI app asking for root permission?

I am on stock 4.0.3 (rooted).

BN

cooperguy

Hi,

Id also like to say that this app is extremely useful. Good Job!

My one question, is there any plans to include NFC abilities in the app (or a separate app?) I have a HTC One X and would love to be able to use its ability for contactless payments. As this feature is only going to get more common in phones I hope its on the cards for the future?

Bank of Ireland: Laura

Hi cooperguy.

We are delighted to hear you like the new app.

Bank of Ireland: Linda wrote: »

The mobile banking app will not have NFC capabilities for the moment. It may be something we will look at in the future but there are no plans yet.

Thanks for your query.
Laura

Bank of Ireland: Linda

Hi BearNecessities,

We have been notified of this issue previously. We have identified a resolution on the root access, which we hope to have in place very soon. Once it's in place users should no longer be asked for root access when downloading the app.

Thanks
Linda

realnerds

I am in the US for a few months and would really like to DL this app. I run into the aforementioned region code issue. So, pretty useless to me at the moment.

Bank of Ireland: Pat

Hi realnerds,

Apologies that you are unable to download the app.

Bank of Ireland: Linda wrote: »

Because financial regulation can vary across different countries we need to ensure that the version of our App complies with the local regulation. This can require a separate build of the App

We are looking into having the app made available in other regions, although we don't have any dates as of yet. There is an option that may work for you. Use your Irish sim and try connecting to the Google Play store through WiFi and download that app that way. We have had mixed feedback in relation to using this method, it may or may not work for you.

If you download the app in this way, we would advise you to connect this way periodically to ensure you stay up to date with the latest releases.

Thanks
Pat

realnerds

Bank of Ireland wrote:

Because financial regulation can vary across different countries we need to ensure that the version of our App complies with the local regulation. This can require a separate build of the App
Pat

This is not quite true but it is nice to see a bank taking the high road. If this were the case I would not be able to conduct online banking from countries around the world unless the 365 website met the security and laws of every country. The internet is one big world, not based on the banking laws of Ireland. It is about access, not banking laws.

I do not have a Irish sim chip with me, I have diverted my home number to my US cell phone.

Is there anyway you can email me the app? Otherwise I will ask someone else to.

Cheers and thanks for actually caring and answering my previous message, this places BOI way ahead of the rest.... now if the APP were truly an Internet app and not an Irish only app....

Bank of Ireland: Pat

Hi,

Thanks for the appreciation. Unfortunately, we don't have the option of emailing the app directly to you. We've had the issue of the App not being made available in regions outside of Ireland and the UK before and passed on the feedback to our Mobile Banking team. We'll post here when we have any updates.

Thanks again,
Pat

h57xiucj2z946q

Anyone who has the app downloaded can take the apk off their handset and make it available for those who can't access it.

I can do this for those, if it won't get me in trouble here?

Also, BOI could give info on their signing cert:

$ unzip -p com.bankofireland.mobilebanking-1.apk META-INF/BOIANDRO.RSA | keytool -printcert

So a user can verify the cert on a version here to be sure it hasn't been tampered with or modified. The certs should be identical.

laoisfan

Hi

I have used this app now for a few weeks and I have to say "Well done BOI!". Great 1st attempt. Not a lot I could find wrong with it.

I am on a Samsung Galaxy 3 - Android 4.0.4.

As regards "the system keyboard" issue. I use SwiftKey 3 and I run into this warning about it not being a system keyboard. I am wondering if it is possible for the app to use the system keyboard by default? Not sure, you would have to check with the developers and they in turn check the Android API.

Other than that...great app!

Bank of Ireland: Graham

Hi laoisfan,

As this is a security message, we currently have no plans to change it. However, thank you very much for your suggestion. We've forwarded it, along with your much appreciated feedback, to our Mobile Banking Team.

Thanks again,
Graham

thehomeofDob

Bank of Ireland: Linda wrote: »

Hi BearNecessities,

We have been notified of this issue previously. We have identified a resolution on the root access, which we hope to have in place very soon. Once it's in place users should no longer be asked for root access when downloading the app.

Thanks
Linda

I haven't used the BOI app in a few days, still I had another root request just now. The issue still hasn't been fixed.

Bank of Ireland: Laura

Hi thehomeofDob.

Apologies if you are still experiencing issues when using the app.
We are looking into this for you and will post here as soon as we hear back from our Mobile Banking Team.

Thanks.
Laura

laoisfan

Hi

Samsung Galaxy S3.
Recently updated to Android version 4.1.1

The stock keyboard minimizes after entering required input for each input field

e.g. enter certain digits of the pin code. For each field entry it minimizes.

Once has to click the next field for the keyboard to re-appear to continue.

This is rather annoying. Looks like BOI App issue, this is not happening with other apps which use the keyboard.

Thanks.

Kopparberg Strawberry and Lime

laoisfan wrote: »

Hi

Samsung Galaxy S3.
Recently updated to Android version 4.1.1

The stock keyboard minimizes after entering required input for each input field

e.g. enter certain digits of the pin code. For each field entry it minimizes.

Once has to click the next field for the keyboard to re-appear to continue.

This is rather annoying. Is this a BOI App issue or ??

Thanks.

same here

kenyard

its down to the keyboard rather than jellybean i reckon.
im running a custom 4.1.2 rom and the stock keyboard on that (i dont know what it is, but its v similar) and it doesnt minimise after each entry.
did my head in on the stock rom though alright. espeically when login wanted DOB aswell as 3 numbers of code

i think its more an issue on samsungs part here than BOI app. another 2-4 weeks and the 4.2 android update should be out where its hopefulyl resolved

laoisfan

kenyard wrote: »

its down to the keyboard rather than jellybean i reckon.
im running a custom 4.1.2 rom and the stock keyboard on that (i dont know what it is, but its v similar) and it doesnt minimise after each entry.
did my head in on the stock rom though alright. espeically when login wanted DOB aswell as 3 numbers of code

i think its more an issue on samsungs part here than BOI app. another 2-4 weeks and the 4.2 android update should be out where its hopefulyl resolved

Thanks - but this is the only app affected. Weird!!