
Concern over app permissions of 365 app for Android

  • 13-01-2014 11:10am
    #1
    Registered Users, Registered Users 2 Posts: 348 ✭✭


    Hi 
    I was just doing a quick review of my apps on my phone, and I noticed that the Bank of Ireland 365 app has access to read my call logs and read my contacts. 
    A few questions
    1. Why does a banking app that is secure, need access to my call logs and read my contacts? I think there is no need for that, but maybe there is a reason?

    2. What details of my contacts does Bank of Ireland store: name, email, phone, home address, etc.? 

    3. If BOI is taking my contact details and call logs, how long are these stored for and are they stored within Ireland or outside of Ireland

    4. If stored outside of Ireland, is it within the EU

    5. Is this data shared with any third party providers, and if so, how long does each 3rd party store the data and has Bank of Ireland certified that all third parties who are given data are fully compliant with EU and Irish Data Protection legislation. 


Comments

  • Closed Accounts Posts: 1,060 ✭✭✭Bank of Ireland: Alison


    Hi northwestramble

    Thank you for taking the time to post your questions relating to our 365 App.

    We are looking into your query at present. We will come back with a response for you.

    Thanks

    Alison


  • Registered Users, Registered Users 2 Posts: 348 ✭✭northwestramble


    Hi Alison 
    Thank you very much for getting back to me and for looking into it. As always, very prompt service from the team here. 
    It does seem rather strange for a bank to need access to my call logs and contacts. I will admit, I am very concerned at this. I look forward to a nice detailed answer from BOI, outlining why they collect the data and what it is used for, along with my other queries. 

    Contacts I could sort of understand if BOI is trying to data mine and use contacts as a way to sell banking services; I would not agree with this, but can understand why they would like to. The call records, however, I cannot understand, and to me it looks like a serious privacy issue, and there is a risk BOI could be acting against article 8 on EU human right to privacy, particularly if that data was shared with other parties. I am willing to bet that no BOI customer wants BOI to know who they are calling and when :) 

    Interested if anyone else feels the same or just me :) 


  • Closed Accounts Posts: 1,060 ✭✭✭Bank of Ireland: Alison


    Hi northwestramble

    Thank you for the lovely compliment.

    The reason for accessing the mobile contacts relates to the 'Pay To Mobile' option we provide to customers, you can see more information on this service here

    We are awaiting a more detailed response in relation to the initial post. We will post this as soon as we receive it.

    Thank you
    Alison


  • Registered Users, Registered Users 2 Posts: 348 ✭✭northwestramble


    Ah very nice, so it appears the app only accesses the contact data of the person one is sending money to. If that is the case and no contact data is copied to BOI then that would be a very good way for it to be set up and BOI are indeed protecting the privacy of its customers' contact info. Thanks for pointing me there. 
    I guess the full answer will clarify all of that. Thank you very much.


  • Closed Accounts Posts: 1,060 ✭✭✭Bank of Ireland: Alison


    Hi northwestramble

    Thank you again for the detailed post. We trust the detailed response will answer all your questions asked in your post.

    ● These permissions are required by the BOI app to access the contact list for the Pay to Mobile feature of the app only. In terms of the Android platform, the "read contacts" function is joined with the "read call logs" function. This means that when installing the app, Android will request to read contacts, which also automatically grants permission to read call logs. In later versions of Android, these two items have been separated; we will look to break this out in future releases but for the moment we are concerned with supporting older versions of Android for our app also. Please be assured that, besides this Android technical dependency to enable access to contacts, we do not use or store any call log information for any purpose.

    ● BOI only require access to Contacts to allow a customer to select a phone number from their contacts in order to make a Pay to Mobile transaction. If a Pay to Mobile transaction is initiated, only the mobile number of the contact will be used by BOI to initiate payment and hence be stored/logged. Outside of this functionality, the app does not access or store such information.

    ● As per above, BOI only require access to Contacts to allow a customer to select a phone number from their contacts in order to make a Pay to Mobile transaction. BOI do not look at the contacts data at any other time. BOI require use of the contact number 1) to map the phone number against a registered account number and 2) to send an SMS message informing the recipient that they have been sent funds. BOI do not access the call log on a customer's phone at any time.
    Again as above, on an Android device, it states that the BOI app has access to call logs and contacts. Technically, this is correct as once you have access to the contacts, you by default have access to the call logs; however, BOI do not use this data at any point. Contact phone number is stored as part of the financial transaction (which also includes date and amount of information) required for the financial auditing and tracking purposes (e.g. where a customer has a query on a payment). It is not stored or used for any other purpose.

    ● All data is hosted between BOI's main data centre and disaster recovery sites, which are both located on the island of Ireland. Under EU law, BOI are not allowed to store any data in a non EU location.

    ● BOI is legally required to store transaction details for a period of 7 years so data is correctly stored for this purpose. A third party partner manages the storage hardware on behalf of BOI and is fully compliant with EU and Irish Data Protection legislation. BOI does not use the data from the app for any reason other than the above stated; specifically, it is not used for any marketing, analytics or advertising purposes. Please be assured BOI does not share contact details with any third party.

    Thanks
    Alison
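
The Android behaviour described in the reply above, as an added example that is not part of the thread and is not Bank of Ireland's code: an app that requests READ_CONTACTS while targeting an API level below 16 is implicitly given READ_CALL_LOG, and this audit reports that for a decoded, text-form AndroidManifest.xml. The sample manifests, the package name and the `audit` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Android "split permissions": an app that requests the key and targets an API
# level below the given one is implicitly granted the listed permissions too.
SPLIT_PERMISSIONS = {
    P + "READ_CONTACTS": (16, [P + "READ_CALL_LOG"]),
    P + "WRITE_CONTACTS": (16, [P + "WRITE_CALL_LOG"]),
}

def target_sdk(root):
    """targetSdkVersion, falling back to minSdkVersion, then to 1."""
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    min_sdk = int(attrs.get(ANDROID + "minSdkVersion", 1))
    return int(attrs.get(ANDROID + "targetSdkVersion", min_sdk))

def audit(manifest_xml):
    """Return declared permissions plus those the platform adds implicitly."""
    root = ET.fromstring(manifest_xml)
    target = target_sdk(root)
    declared = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    implicit = set()
    for perm, (split_api, extra) in SPLIT_PERMISSIONS.items():
        if perm in declared and target < split_api:
            implicit.update(p for p in extra if p not in declared)
    return {"target_sdk": target, "declared": sorted(declared),
            "implicit": sorted(implicit)}

# Constructed sample manifests (hypothetical package name).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankapp">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="{target}"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
LEGACY = MANIFEST.format(target=15)   # app built to support older Android
MODERN = MANIFEST.format(target=16)   # call-log permission is separate here

if __name__ == "__main__":
    for label, xml_text in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit(xml_text))
```
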


  • Registered Users, Registered Users 2 Posts: 348 ✭✭northwestramble


    Hi Alison
    That is great, thank you for that, is a very good answer and very clear, and addresses all of the concerns. Nice to get such a helpful and responsive answer.
    Good to see that BOI are thinking of looking at the app to separate out access to the call logs. As best practice, that would be ideal to do.
    Have a nice day.

