Ulster Bank mobile app reads your phone's contact data! OUTRAGE!

ykc08

Guys,

Am I the only one who finds it utterly outrageous that the new update for Ulster Bank's mobile app has updated permissions, namely that it can read your contact data!

What does a banking app need to do that for? It's not Facebook nor LinkedIn.

I for one will be deleting the app. Who the hell do they think they are? That should not be legal.

unclebill98

How do you know this? I've not got notification for an update. What platform are you on?

ykc08

I'm Android, HTC. I saw this a while back. I was prompted for an update and saw the new permissions which I had to agree to update the app. Today I realized that I should share this information.

Chances are that most people automatically updated their apps and haven't noticed this horrible act on the bank's part.

To check go to Apps, manage apps, locate the app and view its permissions. If 'Read contact data' is listed as a permission, you've already updated to this version.

unclebill98

Im on a IP5, so cant see that info.

It would be strange to need to access that data.

danthefan

The AIB app can too. I really don't care.

Random

maybe im wrong to think it but of all the apps that ive given phonebook access to i would be least concerned about the likes of ulster bank and aib. have you contacted them to ask for the reasoning?

delthedriver

danthefan wrote: »

The AIB app can too. I really don't care.

Are you not concerned that details of all your contacts have been handed to AIB?

Will your friends appreciate receiving phone calls from AIB call centre , trying to sell various financial products.

It looks like AIB and Ulster Bank are acquiring a database very both cheaply and cheekily!

We are of course talking about some of the Banks who were responsible for their part in messing up The Irish Economy and the lives of thousands of Irish people

Random

their email address is androidplc.mobile.support@rbs.com
drop them a mail and ask. id be interested to know too.

their description on the play store does not mention phonebook usage though:

To allow you to enjoy all of the features listed you will need to accept the following permissions:
Network communication for connectivity.
Your location to find your nearest cash machine or branch.

AltAccount

delthedriver wrote: »

Are you not concerned that details of all your contacts have been handed to AIB?

Will your friends appreciate receiving phone calls from AIB call centre , trying to sell various financial products.

It looks like AIB and Ulster Bank are acquiring a database very both cheaply and cheekily!

We are of course talking about some of the Banks who were responsible for their part in messing up The Irish Economy and the lives of thousands of Irish people

Lots of your apps already have this permission.

How many of them have used the information to call your friends to sell them a product or service?

average_runner

ykc08 wrote: »

Guys,

Am I the only one who finds it utterly outrageous that the new update for Ulster Bank's mobile app has updated permissions, namely that it can read your contact data!

What does a banking app need to do that for? It's not Facebook nor LinkedIn.

I for one will be deleting the app. Who the hell do they think they are? That should not be legal.

Most apps do this. Angry birds takes the most info from ur phone.


No other bank except my own has ever contacted me over last 20 years.

unclebill98

delthedriver wrote: »

Are you not concerned that details of all your contacts have been handed to AIB?

Will your friends appreciate receiving phone calls from AIB call centre , trying to sell various financial products.

It looks like AIB and Ulster Bank are acquiring a database very both cheaply and cheekily!

We are of course talking about some of the Banks who were responsible for their part in messing up The Irish Economy and the lives of thousands of Irish people

Banks can not simply just call people from your contacts. There are strict rules about code calling.

delthedriver

AltAccount wrote: »

Lots of your apps already have this permission.

How many of them have used the information to call your friends to sell them a product or service?

In my personal situation, none ,because I have not given permission.
So if they don't call your contacts by phone they can still contact by text.
The security of my contacts details is of paramount importance.
I would be horrified if one of the banks mentioned contacted me in the above fashion
Do people understand what they are doing when allowing apps this permission, or is it simply given in good faith?

Gordon

It's probably so you can save contact numbers to your address book from the app. Just ask them!

delthedriver

unclebill98 wrote: »

Banks can not simply just call people from your contacts. There are strict rules about code calling.

Thank you I understand your comment, there are very Strict rules regarding cold calling. So why are they looking for details of your contacts.

The banks have shown in the past how good they are in adhering to corporate governance.

Leaving banks aside, why do the other apps request details of your contacts?

unclebill98

I've no idea TBH.

Like i said its a strange one. Its not used for verification of the app cause thats done via text/code inputs etc. The app itself does not
give you numbers for you to save either.

I defo think they could do with explaining it.

Random

the google play store explains the permission like this:

YOUR PERSONAL INFORMATION
READ YOUR CONTACTS
Allows the app to read data about your contacts stored on your tablet, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge. Allows the app to read data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.

this doesnt explain to me why they need the permission though. ask them is best.

ykc08

It's true that there are random apps and games by dodgy developers out there that do this sort of thing and god knows if uncle Google is saving your every single keystroke and knows all your passwords. But you'd expect more from a bank. This is serious stuff.

kirving

If you back up your contacts via Google, they have access to your contacts anyway.

I think that due to the open.source nature of Android, app developers can utilise certain parts of the OS which already exist. So rather than writing a whole load of code to call the bank via the app, it can just dip into contacts section of your phone, and make a call using the phone's OS.

28064212

delthedriver wrote: »

Are you not concerned that details of all your contacts have been handed to AIB?

Will your friends appreciate receiving phone calls from AIB call centre , trying to sell various financial products.

That would be illegal, and not very difficult to catch them out if they were doing it. Secondly, you realise that the previous versions of both apps allow UB/AIB to get your GPS location? They could be building a database of your every movement! Also illegal. And they use it so you can find your nearest ATM

Thirdly, the reason for AIB's app needing permission to read contacts is because it allows you to easily select a mobile to top up from your contacts. I assume UB's app can do the same. It's a minor feature, handy in some cases, and the only way it could be implemented is by requesting that permission

And lastly, it's utterly bizarre that you would trust banks with your money, but won't trust them with some phone numbers that wouldn't be very useful to them anyway

delthedriver

28064212 wrote: »

That would be illegal, and not very difficult to catch them out if they were doing it. Secondly, you realise that the previous versions of both apps allow UB/AIB to get your GPS location? They could be building a database of your every movement! Also illegal. And they use it so you can find your nearest ATM

Thirdly, the reason for AIB's app needing permission to read contacts is because it allows you to easily select a mobile to top up from your contacts. I assume UB's app can do the same. It's a minor feature, handy in some cases, and the only way it could be implemented is by requesting that permission

And lastly, it's utterly bizarre that you would trust banks with your money, but won't trust them with some phone numbers that wouldn't be very useful to them anyway

Interesting comments. Remember the Ulster Bank fiasco last summer,when all the computer systems went down for some weeks. What was the cause?
Without the Government Guarantee scheme the banks would not be in business.
So for trusting them with our money ??? Do you?
Tell that to the unfortunate pensioners who had invested their life savings in Bank Shares.
The banks must have a reason for collating all these contact names etc. why else would they collect them.
Directing us to our local ATM may be valid, seeing as AIB no longer deal with cash on Thursdays. Personally I rarely use my ATM card, it is a Visa debit card which is accepted in most retail outlets, here and abroad.
Topping up our mobile phones? I would expect most people are on a monthly bill pay for their phone.
You have some very valid points, however I am suspicious.
Perhaps the whole issue is a question for the Data Protection Commissioner? After all if the Banks are legitimately collating this information, storing it, but not using it. Seems rather odd. Perhaps they should not be retaining the info?

28064212

delthedriver wrote: »

Interesting comments. Remember the Ulster Bank fiasco last summer,when all the computer systems went down for some weeks. What was the cause?
Without the Government Guarantee scheme the banks would not be in business.
So for trusting them with our money ??? Do you?

Do you have a bank account? Then yes, you are trusting them with your money. If you didn't, you'd store it in your mattress

delthedriver wrote: »

The banks must have a reason for collating all these contact names etc. why else would they collect them.

There is no evidence whatsoever that they are collecting contact information. In fact there are plenty of apps that will monitor exactly what is being sent over the network. Install one and check what the app is sending if you're that worried.

delthedriver wrote: »

Directing us to our local ATM may be valid, seeing as AIB no longer deal with cash on Thursdays. Personally I rarely use my ATM card, it is a Visa debit card which is accepted in most retail outlets, here and abroad.

The vast, vast majority of people do use ATMs. And I didn't just make up a possible reason for it, this feature is implemented. Open the app yourself and check

delthedriver wrote: »

Topping up our mobile phones? I would expect most people are on a monthly bill pay for their phone.

Again, I didn't make this up, I checked it. AIB app => Banking => Enter details => menu => Mobile Top Up => Click the magnifying glass. It will then allow you to directly select a number from your contacts to top up. There is no way to implement this feature without the "Read Contacts" permission

delthedriver wrote: »

You have some very valid points, however I am suspicious

It's an absurd suspicion. You might as well be suspicious that they're selling your personal information (which they have far more of than just a phone number) to spammers

unclebill98

delthedriver wrote: »

Without the Government Guarantee scheme the banks would not be in business.
So for trusting them with our money ??? Do you?

Just to clarify this point. UB are not part of scheme to protect 100% of peoples deposits. Only the standard.

Never thought of the mobile phone top up thing. Not sure UB have that feature but I've never used it so It could be there.

Kenny Logins

ykc08 wrote: »

Guys,

Am I the only one who finds it utterly outrageous that the new update for Ulster Bank's mobile app has updated permissions, namely that it can read your contact data!

What does a banking app need to do that for? It's not Facebook nor LinkedIn.

I for one will be deleting the app. Who the hell do they think they are? That should not be legal.

Calm down. Does the app have a facility to search for a local branch and call it or save the number to your contacts? If so, it needs permission.

Random

i emailed ulster bank. the permission is there by mistake. they say they do not use it. they are working on getting it removed in the next update. quick, prompt and apparently honest reply from them. thatll do for me.

ykc08

Random wrote: »

i emailed ulster bank. the permission is there by mistake. they say they do not use it. they are working on getting it removed in the next update. quick, prompt and apparently honest reply from them. thatll do for me.

My thoughts on this:

1. The person who replied to your email is Customer Service Reprentative
2. They do what their supervisors tell them, whom in turn are told how to respond to such queries, whom in turn are told by higher-ups in the company how to handle such situations.
3. Companies of this size monitor sites like this.
4. When this sort of situation arises, they are 'Put out the fire' mode - they want to minimize the negative effect it can have on customer opinion/trust/whatever.
5. A software update needs several sign-offs in order for it to be released - a Product Analyst writes the requirements which are then discussed, implemented and tested before release. This involves several departments and key stakeholders in the project.
6. 'Mistakes' like this don't just happen. Implementing this feature is a delibarate, planned process. Companies don't just let their developers do what they please and release updates willy-nilly - there legal implications to this.
7. They say they don't use. That's not apparently honest, that's seemingly absurd, for want of a better term (obscenity).

donspeekinglesh

I use LBE Privacy Guard, so I denied the UB app access to my address book when I updated. But having checked I can see it has never actually tried accessing my contacts.

BuffyBot

At this moment in time, there would appear to be nothing more than error, and UB's explanation seems perfectly rational. ykc08, if you can come back with actual facts about the accusations you're making, then this thread might stand a chance of being re-opened, but as it stands you seem to be throwing out your assumptions as internet FACT, which they are not.