Personal Finance

Tangerine inspired by Facebook's success

  • Last Updated:
  • Mar 28th, 2018 8:25 am
Deal Addict
Sep 19, 2009
2280 posts
991 upvotes
Toronto

Tangerine inspired by Facebook's success

So, as the title says, Tangerine inspired by Facebook's success, spys on you as much as Facebook trough the mobile application:

- it uploads all your contacts on remote servers
- always knows where you are
- listens to your conversations
- makes remote copies of files stored on your phone
- makes / receives background voice calls using your phone - this feature was added with today release.

Image
Last edited by andrew4321 on Mar 26th, 2018 2:08 pm, edited 1 time in total.
9 replies
Deal Addict
Nov 25, 2014
1739 posts
960 upvotes
Newton Brook, ON
andrew4321 wrote: - it uploads all your contacts on remote servers
- always knows where you are
- listens to your conversations
- makes remote copies of files stored on your phone
- makes / receives background voice calls using your phone - this feature was added with today release.


These aren't uploaded to remote servers. Contacts are pulled up for email transfers, location is needed for the ABM locator, and phoning is available on the help screen. None of this is new, and there wasn't even a new release today.
You need someone with an umbrella not a fork
Member
User avatar
Apr 13, 2009
494 posts
433 upvotes
Toronto
You are right. But theoretically the permission is out there, so they can do whatever they want without asking you any further.
Deal Addict
Nov 25, 2014
1739 posts
960 upvotes
Newton Brook, ON
zajacik99 wrote: You are right. But theoretically the permission is out there, so they can do whatever they want without asking you any further.
And theoretically the bank holds your money, so they can steal all of it. :facepalm:

Again this is nothing new. These are the basic functions of a mobile banking app. What would you suggest?

RBC:

Contacts
Location
Phone
Photos/Media/Files
Storage
Camera
Wi-Fi

TD:

Device & app history
Identity
Contacts
Location
Phone
Photos/Media/Files
Storage
Camera
Wi-Fi

CIBC:

Contacts
Location
Photos/Media/Files
Storage
Camera

Scotiabank:

Identity
Contacts
Location
SMS
Phone
Photos/Media/Files
Storage
Camera
Wi-Fi

BMO:

Identity
Contacts
Location
Phone
Photos/Media/Files
Storage
Wi-Fi

For good measure, here's RedFlagDeals Forums:

Location
Photos / Media / Files
Storage
Wi-Fi

This just in: RFD always knows where you are and makes remote copies of all your files.
You need someone with an umbrella not a fork
Deal Addict
Jan 30, 2012
1836 posts
1399 upvotes
TORONTO
andrew4321 wrote: So, as the title says, Tangerine inspired by Facebook's success, spys on you as much as Facebook trough the mobile application:

- it uploads all your contacts on remote servers
- always knows where you are
- listens to your conversations
- makes remote copies of files stored on your phone
- makes / receives background voice calls using your phone - this feature was added with today release.
No.

There is a difference between permissions that an app asks for, and the permissions an app needs to run. If you don't give an app permission to read your contacts, will it still work to log in and view your bank balances?

There is a difference between what permissions you give an app, and what the app does with those permissions. If you give an app permission to read your contacts, then the app could take those contacts and copy them to a remote server. But once you give an app permission to read your contacts, it is difficult to determine what the app is doing with that info.

Of course, this presumes that the app security model is working. If an app is able to ignore the permissions set by the operating system, all bets are off. Apple did this with Uber - the Uber app has extra permissions on the phone that the user has no control over and can't turn off: https://gizmodo.com/researchers-uber-s- ... 1819177235

In summary, apps suck. Use the bank's website instead.
Deal Addict
Nov 25, 2014
1739 posts
960 upvotes
Newton Brook, ON
M8Rxmjsik wrote: No.

There is a difference between permissions that an app asks for, and the permissions an app needs to run. If you don't give an app permission to read your contacts, will it still work to log in and view your bank balances?

There is a difference between what permissions you give an app, and what the app does with those permissions. If you give an app permission to read your contacts, then the app could take those contacts and copy them to a remote server. But once you give an app permission to read your contacts, it is difficult to determine what the app is doing with that info.

Of course, this presumes that the app security model is working. If an app is able to ignore the permissions set by the operating system, all bets are off. Apple did this with Uber - the Uber app has extra permissions on the phone that the user has no control over and can't turn off: https://gizmodo.com/researchers-uber-s- ... 1819177235

In summary, apps suck. Use the bank's website instead.
That presumes your PC's browser and operating system have not been hijacked, and bank employees at the highest levels have not gone rogue.

In summary, buy gold.
You need someone with an umbrella not a fork
Deal Addict
Jan 30, 2012
1836 posts
1399 upvotes
TORONTO
nmclean wrote: That presumes your PC's browser and operating system have not been hijacked, and bank employees at the highest levels have not gone rogue.
There is a difference between an application functioning as intended and taking your private info, and the device being hacked by a third party and taking your private info.
Deal Addict
Nov 25, 2014
1739 posts
960 upvotes
Newton Brook, ON
M8Rxmjsik wrote: There is a difference between an application functioning as intended and taking your private info, and the device being hacked by a third party and taking your private info.
Not when the third party is the app developer and taking your info is "functioning as intended", which is what's being suggested here.

If you think a mobile banking app will, like Uber, be granted access without your consent by your phone OS, and the app will take advantage of that maliciously, then you should be just as afraid of the same on your PC. More afraid, even, considering the granular device permissions aren't enforced by Windows as they are by Android for example. After all, streaming, location etc. are already web standards. All it would take is a browser to "forget" to ask your permission. Who's to say Tangerine isn't working with Google or Mozilla to auto white-list tangerine.ca, allowing them to turn on your laptop webcam and microphone and download a live stream of everybody and record their movements without their knowledge?

You can't have it both ways. If mobile apps "suck" for the above reasons, then so does any other cloud-based app on any other OS, and you should just go hide off the grid. If a bank is truly conspiring to undermine your privacy, then that bank should be avoided completely, whether it's mobile, web, or in person. The paranoia should at least be consistent, or it would be even more irrational than it already is.
You need someone with an umbrella not a fork
Sr. Member
User avatar
Oct 19, 2016
650 posts
208 upvotes
Toronto
Just because it has the ability, does not mean it is doing all these things you claim.

Just because you have the ability to rob a bank, does not mean you are robbing the bank.

Just because you have the ability to do drugs, does not mean you are a druggie.

etc etc etc
andrew4321 wrote: So, as the title says, Tangerine inspired by Facebook's success, spys on you as much as Facebook trough the mobile application:

- it uploads all your contacts on remote servers
- always knows where you are
- listens to your conversations
- makes remote copies of files stored on your phone
- makes / receives background voice calls using your phone - this feature was added with today release.

Top

Thread Information

There is currently 1 user viewing this thread. (0 members and 1 guest)