Wait what?
So they don't want to spy on us, and track us through our phones!??!
Does that mean House was wrong again?
But none of these given "explanations" actually explain away the possibilities of exploitation, via malice or incompetence.
-----------
Contacts
Used by the phone feature of the app to make free calls to FNB call centres, bankers and other FNB app users, or to call any number in your contact list at discounted rates. Also allows the client to purchase pre-paid or send money directly from contacts.
-----------
...well course that's what it "officially' uses the contact list for. It still gets access to the contacts list. If the app is compromised or badly designed, it could leak this data. Security risk #660 (
http://www.bibliotecapleyades.net/s... Using Data from Leaky Smartphone Apps to Spy)
-----------
Location
Used by the Geo Payments feature to let you pay someone within close proximity using GPS location, without exchanging bank details. It is also used by the branch and ATM locator to find the nearest location to you.
-----------
...well of course the GPS is required to enable these location-based-services, but by making use of them, the bank will know where you are. If the bank is compromised, others will know where you are. Your phone company, and the security cluster, already know where you are. Security risk #661 (
https://www.eff.org/wp/locational-privacy) and (
http://mybroadband.co.za/vb/showthr...ip-data-of-NYC-cabs-easily-reverse-engineered)
----------
SMS
Used when linking an eWallet to the FNB app. A one-time PIN that is SMSed to you is read by the FNB app to authenticate your device. This is so you don’t need to enter the one time PIN when making transactions on the App.
-------------
Of course the app needs SMS access to make use of SMS features to implement application requirements, but once an app has access, it can do what it wants, and it's a black box, so you don't know what it wants. Security risk #662 (
http://boingboing.net/2012/08/23/civilwar.html)
-------------
Phone
Used to make a call over your mobile operator network when the phone feature of the FNB app is unavailable, such as when you don’t have good data network quality at the time of making the call.
-------------
Did you read that? You are supposed to only make calls through the FNB app now, unless for some reason you have to fall back to the basic system. Build it and they will come!. Security risk#663 (
https://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish)
------------
Photos
Used by the messaging feature of the FNB app to send photos to another FNB app user that you are chatting to. Apart from in-chat multimedia you can also send money, airtime, data bundles or iTunes vouchers to the person that you are chatting to. FNB has patented its in-chat money transfer system in South Africa.
-------------
Well of course if the app provides photo-based features then it would need access to the camera, but now another app has access to the camera. This means your bank has access to your camera, if the bank if compromised, or the FNB software has vulnerabilities, it could be hijacked for other purposes. Also goodbye anonymous cash transfers. The bank and the attached authorities will know more and more about your spending habits and social circle. Security risk #664 (
http://www.bibliotecapleyades.net/sociopolitica/sociopol_globalbanking48.htm)
------------
Wi-Fi Connection Information
This allows the FNB app to connect via Wi-Fi
-----------
This is an "explanation"? Security risk #665 (
http://tech.slashdot.org/story/14/0...s-can-take-your-pulse-right-through-the-walls)
------------------
Device ID
This is used to identify the device when the app connects to FNB.
-------------------
Well, the bank knows you best, doesn't it? Security risk #666 (
http://www.bibliotecapleyades.net/sociopolitica/sociopol_bigbrother48.htm)
All these different "permissions" on the OS are pointless if every app "needs" every one of them...
