If you’ve updated your OCBC mobile banking app recently, you may have noticed an oh-so-minor inconvenience: the app doesn’t work anymore.
No OCBC app means no logging in to your internet banking, no checking of transactions, no opening of accounts, no applying for credit cards, no conversions of rewards points, no nothing.
Why? Because you’ve been a naughty boy or girl, downloading apps from unofficial sources onto your personal device- how else can you play Onii-Chan Dating Sim 3000?
But not to worry folks, it’s a feature, not a bug!
We have implemented a security feature on our OCBC Digital app to further safeguard our customers from malware. With this enhancement, we can detect any app that has been downloaded from unofficial app stores. Once these apps are detected, if you do not uninstall them, you will not be able to log in to our Internet Banking and/or the OCBC Digital app. Uninstall these apps now to access the online banking services.
-OCBC
Orwellian undertones aside, this is r/assholedesign on a whole new level, even worse than StanChart and its insistence that you keep marketing alerts on before using the app.
If OCBC had implemented this a naggy alert, that would be annoying, but ultimately harmless. By blocking the use of its app altogether and denying access to its entire banking ecosystem, it’s treating customers like children.
Not everyone sideloading apps is a clueless luddite who thinks they’re buying 50 tons of wagyu beef for $9.99, you know. There are completely innocuous reasons why I might have sideloaded apps on my phone, that don’t involve me assisting the Prince of Nigeria with his temporary cashflow issues.
For instance, when I travelled to the USA and rented an electric vehicle, many of the charging station apps weren’t available to my SG-region Google Play store. Using APK Pure allowed me to download the apps I needed. I also rented a Snoo (judge me, parents) and had to sideload the companion app, since the product isn’t officially available in Singapore. That’s not to mention the workplaces that develop their own internal apps for messaging, or phones which contain preloaded bloatware that’s not found in the Play Store.
As if that wasn’t bad enough, some online reports say the OCBC app is flagging false positives too, apps that were genuinely installed from the official app store, yet incur the wrath of the blocker. If that’s true, it’s just the icing on the crap cupcake.
Are there people who get conned into sideloading shady apps into their phone? For sure. Is that something that needs addressing? Yes. Is the right way of doing it? Certainly not. It’s too much of a blunt instrument, and this whole “we’re protecting you from yourself” thing is somewhat condescending.
Why is OCBC doing this?
It’s clear that OCBC is still smarting from its brush with MAS, who found deficiencies in the bank’s response to a wave of spoofed SMS phishing scams in December 2021.
I’ve got nothing against protecting people from scammers, but some of OCBC’s measures now border on paranoid. Case in point: MAS now mandates a 12-hour cooling period for the setting up of a new digital token on a device. Fair enough. But OCBC goes even further and adds a 12-hour cooling period on increasing transfer limits. The end result? Customers do a one-time exercise to increase all their limits beyond what they may normally require, just in case, which defeats the purpose entirely.
And now we have to deal with this nonsense. OCBC insists that the new feature is not Big Brother in your pocket, but the optics are still creepy in the extreme.
We would like to assure our customers that our new security feature does not collect nor store any personal data from customers. This technology detects apps that are not downloaded from official app stores only when the OCBC Digital app is opened. It does not identify the owner of the device. All it does is to alert customers to apps that could compromise the device to malware scams. We apologise for any inconvenience caused. We seek your patience as this feature is aimed to safeguard customers from malware scams.
-OCBC
Conclusion
You’ll no longer be able to use the OCBC banking app if your phone has any apps that OCBC deems as unofficial. This may have started out with good intentions, but the implementation has as much nuance as a baseball bat to the head, and smacks of overreach.
Will OCBC walk back the move? Well, there’s an uproar online, and the OCBC banking app, which before weekend was scoring around 4.5/5 on Google Play, is now at 4.1 and falling fast.
My hope is that common sense will eventually prevail, and OCBC will downgrade this to a nag message. That will still be annoying, don’t get me wrong, but at worst adds a couple of taps to your user journey.
Right intention. Terrible execution.
“OCBC insists that the new feature is not Big Brother in your pocket, but the optics are still creepy in the extreme. ”
Can’t wait for your next article on government mandated GPS trackers for all vehicles (ie the next generation IUs).
yeah, but government-mandated GPS trackers don’t interfere with my onii-chan dating sim.
Link to the onii-chan dating sim please… 🙂
well….. what were people expecting when they said they felt that banks should make good the losses ppl lose from scam…. the banks either prevents you from making that loss… or make you pay a hefty fee to offset their cost of insuring that loss…. its a business after all
This is a platform issue and should be addressed by Google. If OCBC is paranoid then don’t have an internet banking app or create their own phone OS. OCBC does not have the right to dictate how I use my phone nor even see what apps I have installed in my phone. It’s intrusion akin to inviting a guest to my house and they end up snooping in the master bed room and telling me the condoms I use are not safe enough. What the h#*% Would this not be infringement of Google Play store terms I wonder and perhaps… Read more »
One workaround is to install the OCBC app into MIUI’s Second Space, Samsung’s Secure Folder, and other brands’ equivalent. Good luck explaining to all the non-tech savvy folks how to do this though.
I found another workaround from Reddit, which is to install Shelter from F-Droid. It’s faster compared to Second Space as you don’t need to switch into a different environment.
It’s ironic that we are forced to resort to these workarounds which may make things even more unsecure…
thanks for sharing this!
All Singapore banking apps block rooted phones. Does anybody know why is that?
Worst offender is CitiBank app. They go so far as to scan folders on your device for any suspiciously named files. I have one very old, very crappy LG phone just for CitiBank app. It’s getting slower and slower. I wonder when will it refuse to open.
i think its MAS guideline and requirements for banks to block jailbroken/rooted devices
Can we all write to MAS?? This has crippled my banking experience!
And what do you expect MAS to do? They have been going around asking all banks to tighten up cybersecurity. From a cybersecurity perspective, you’ve exited the “safe” environment so your crappy app experience is your fault (right or wrong, that’s how it will be assessed). MAS won’t care about your little complaint
How could ocbc make decision on what app customer like to use, or judge which app is secured or not secured, it doesn’t matter whether it comes from Google or somewhere else.
In the end, ocbc app would be the first one be abandoned…
Take the analogy of drugs. How can the government or police make decision what kind of drugs customer like to use or judge which drug is safe or not. this is customer right correct ?
How can police say only drugs prescribed from doctor is safe . ? this is basic human right correct ? we should be able to take any drugs we like
as long as stupid china apps get banned from working on phones, it’s all good
I actually welcome this feature. Not downloading some apps is an inconvenience, but losing your retirement money, to me is akin to a death sentence.
Need to get another phone for OCBC app to work.
taking my money away from ocbc. vote with money.
A more appropriate approach would be to increase public education & awareness on recognising scam tactics & suspicious transaction requests, not such a heavy-handed invasive authoritarian method. Even Apple and Google don’t resort to such measures to block users from using Apple Pay and Google Pay.
In fact, with the new Digital Markets Act law in the EU aimed to reduce monopolisation & anti-competitive practices, operating systems must allow users to sideload apps from alternative app stores.
If you notice there are already lots pf public education and awareness sent by government and the banks and yet still many clueless people fall prey to these malware scams.
Desperate times call for desperate measures ?
And yet if they still fall for scams, that’s their fault. The onus is on each individual to be vigilant.
Let me repeat. People who get scammed deserved it. Even my relative who ignored several warnings from me lost 10-20k to scams. I don’t feel bad at all since I’ve already done my due diligence in educating them.
https://www.todayonline.com/singapore/singapore-banks-new-security-feature-curb-malware-scams-can-halt-mobile-banking-services-detecting-unauthorised-apps-2228931
The tone of this article, especially this liner…. “Mr Beaver Chua, head of anti-fraud at OCBC group financial crime compliance, told TODAY that the security feature to filter out “bad apps” is mandated by MAS.” sounds like it is not orchestrated from OCBC alone and similar feature will be rolled out by other banks.
that’s an interesting comment, but it remains to be seen whether DBS/UOB’s implementation is as ham-fisted as OCBC’s.
I could be wrong, but I find it hard to believe that MAS specifically said “block all apps from unofficial app stores”
what’s much more likely is that MAS gave the principle, and the banks then implement it the way they see best. And OCBC’s way of implementation is the overkill we see now
https://www.mas.gov.sg/news/media-releases/2023/mas-response-to-media-queries-on-ocbc-security-feature
Good luck complaining to MAS, they already admit that they know there are teething issues.
Only hope that other banks can learn from this but the principle will be applied
Who the hell is ocbc to tell me what app I can have on my phone instead of shoring up security at their end they are taking a dump on costumer that will backfire I am pretty well aware of apps on my phone and the only app I uninstall is ocbc app and shit my account of they don’t rectify yhis
Singapore being Singapore, who is surprised??? 🙄
It’ being offensive to require uninstallation of my apps to cater your OCBC’s safety issure.
I can’t recall last time when I was pissed as much as now ) Nothing in my 18 year careers in Singapore banking IT prepared me for this )