South Africans should ensure they only download banking apps from official app stores.
Mobile banking apps offer a convenient and safe way to transact and pay online and most of South Africa’s major banks offer these apps on both the Google Play and Apple App stores.
However, with Huawei’s latest devices no longer supporting the Play Store, these users have to make use of Huawei’s AppGallery to download and use banking apps.
FNB and Discovery Bank’s apps are not officially available on the Huawei AppGallery yet, but their APK (Android Package Kits) can be downloaded and installed via unofficial websites and other online platforms.
Certain smartphone users may, therefore, be tempted to download one of these APKs to use their bank’s app, even though these sites offer no guarantee that the app is legitimate.
MyBroadband asked South Africa’s major banks about the safety of downloading banking applications from sources other than the established mobile app stores.
Managing Executive for Customer Value Management at Absa Retail and Business Bank Christine Wu said the bank regularly invests in new, updated technologies to counteract various fraud vectors, including the app space.
Absa has not noted instances of fraudulent versions of its mobile banking app, although clones of its websites have been used for phishing.
Wu urged Absa customers to only download mobile apps from approved mobile stores – the Google Play Store for Android, Huawei AppGallery for Huawei, and Apple App Store for iOS devices.
“Very stringent processes and tests are carried out by app stores to ensure that only Absa can publish an app with the Absa brand and security specifications,” Wu explained.
“Downloading an app from any other source is extremely dangerous. Apart from being fraudulent, there are no rigorous security and quality steps, potentially leading to further problems beyond the fraud,” Wu warned.
FNB Head of Digital Banking Giuseppe Virgillito said the bank has put measures and processes in place to monitor spoofing apps.
“‘Sideloading’ or downloading the FNB App Android Package Kits (APKs) from unofficial sources, significantly increases the risk of downloading a fraudulent or malicious app which could compromise the user’s credentials and potentially have them exposed to fraud and possible financial loss,” Virgillito warned.
“We implore our customers to download the FNB Banking App from official app stores – for Apple mobile users the App Store and Android the Play Store,” he said.
For those customers who have a device that does not currently support FNB’s banking app, Virgillito encouraged using FNB’s mobile banking website – fnb.co.za accessed via their phone’s web browser.
Standard Bank said it has not seen instances of malicious parties creating spoof banking apps.
The bank said although it’s not easy to assess the complete online behaviour of its customers, it scans the internet and social media platforms for malicious apps, websites and content impersonating Standard Bank, and where found, these are shut down.
“The most common form of cybercrime recently has been phishing for credentials on spoof websites as well as vishing [voice phishing] and smishing [sms phishing],” the bank said.
The bank said downloading banking apps from unofficial sites makes it difficult to determine if they are legitimate.
“Only access or download our banking apps from trusted sources such as the Apple App Store and Google Play Store,” the bank implored.
Its banking app is also available on the Huawei AppGallery.
It warned customers to never click on links or attachments in emails, SMSes or public websites to access or download online banking or its banking app.
Nedbank said it makes use of a third-party service to scour the internet for instances where unauthorised copies of its apps are available for download, to have these removed.
Thus far, however, it had not seen such apps surfacing.
“Unofficial apps could serve as a trojan horse, allowing malware to be installed on the device. Thus, compromising data or passing credentials and sensitive personal information to malicious actors,” the bank cautioned.
“All Nedbank apps are digitally signed, and if the code of the app has been altered in any way, Nedbank will not allow that app to transact,” it explained.
Nedbank’s banking app is available from the official Apple, Google and Huawei app stores.
Additionally, Nedbank clients are advised not to use jailbroken Apple or rooted Android devices for banking app installation.
“A jailbroken/rooted device puts users as a significant risk, as almost all security controls can then be circumvented, even when using legitimate apps,” the bank stated.
Capitec said it actively monitors for impersonating versions of its banking app and if one is found, its team will ensure the store or website removes it immediately.
To date, it had not encountered such an app.
It recommended customers don’t download app APKs from unofficial sources, which could expose their devices to malicious software.
“Apps from unofficial sources could contain malicious code added to the app with the intention of capturing sensitive information such as your username and password,” Capitec explained.
“Only download apps from official app stores such as the Apple App Store, Google Play and Huawei AppGallery as these stores have controls in place to ensure the safety and legitimacy of the apps available,” it advised.
It added that users should always check that the publisher name matches the company you intended to download the app from and read the reviews and ratings posted about the app.
Discovery Bank said it employs sophisticated counter technology to identify and prevent unapproved apps attempting to access banking functionality.
“We work closely with Apple, Google, and Huawei to ensure our app is secure and works optimally on a wide range of devices,” the bank said.
“Cyber-crime is on the rise, and clients need to ensure they keep devices secure by only downloading and using apps that are approved by their respective operating system providers,” the bank stated.
It strongly advised its customers to only download its banking app from the Google Play Store and the Apple App Store.