Bank taps mobile contacts, angers users

Summary:Bank of America customers have been up in arms over privacy after the bank silently updated its Android application to allow the bank to access customers' mobile contacts.

Bank of America customers have been up in arms over privacy after the bank silently updated its Android application to allow the bank to access customers' mobile contacts.

Negative reviews on the Android market
(Screenshot by Michael Lee/ZDNet Australia)

A concerned ZDNet Australia reader wrote in, noticing that after the bank updated the application last Friday, it requested additional permissions that would give the application access to a user's contact list. At the time of the update, the bank had offered no explanation of why it needed the additional permissions.

Users were quick to comment on the Android market, railing against the permission request. Users on Reddit's Android community also picked up on the permission changes.

However, when ZDNet Australia contacted the bank, it clarified that the permissions were necessary due to a new feature that the bank had rolled out.

"The latest Bank of America mobile application enables customers to access their Contacts for a new person-to-person (P2P) payment service," the bank said. "Access to contacts is purely initiated and controlled by the customer, and is provided to make selecting a P2P payee easier for our customers in the future."

Today, the bank updated the description of the application in the Android market to provide its users with more information on what the permissions do.

We've launched the ability for our customers in select US states to conveniently make transfers using a phone number or email address (functionality available nationwide in the near future). Our app can populate the transfer recipient's information from the sender's device contact data, but only if users request it during the transfer process. Only the specific recipient's contact information is accessed for the purpose of the transfer (the entire address book is not accessed).

Although the additional information should alleviate fears, some customers still remain sceptical of the need for permissions.

The United Services Automobile Association (which also offers banking) had similar issues when it tried to request permission to access contact details on its Android application earlier this month. It quickly removed the request after receiving several bad reviews on the market.

Topics: Android, Apps, Google, Mobility, Privacy, Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.