The letter is here if you love some regulatory weeds
3 Likes
These companies are authorised by the FCA aren’t they? They same organisation now frothing at the mouth about lack of proper controls?
What do these companies have to prove to be authorised in the first place? Perhaps the FCA needs to look at their own processes?
1 Like
Yes, this is my point. It’s all well and good, now, saying “you all need to be better” but it was the FCA who own the guidance in the first place, so the change really ought to start with them.
1 Like
I don’t think the EMI rules work for the size of some of the companies who have those licenses, and they need revision to meet the current world of big EMIs who can’t be trusted with a banking license.
2 Likes
I think this might be slightly unfair. Authorisation usually takes place at the beginning of a company’s journey. Some, like Dozens (RIP), remain pretty small, some, like Revolut, become huge systemic behemoths.
More than that, this letter seems like it’s just reminding companies of their existing obligations. That’s good practice to do before taking enforcement action.
I’m not sure what the problem is?
4 Likes
And had you installed from some other place, or was this an error?
I’d put money on another source
3 Likes
Some devices don’t support Google store. So people download the APK from the web.
1 Like
I don’t know what APK is, but I guess Rev is correct to close those apps down, as they introduce an attack vector to its systems?
2 Likes
APK is the EXE of the Android world. And you’re right there’s no trusting that they’re not malicious or tampered with.
3 Likes
If that’s the case, why on earth would anyone download their BANKING app from a third party??! That’s got to be dodgy as hell, right? How do you know it’s not sending all your personal information, transaction data, security codes, card numbers etc. back to a third party?
3 Likes
And yet people still complain…same on iOS with jailbroken devices. I’ll bet the same people also kick-off to their bank when someone rob’s their details
5 Likes
You can get cryptographically signed APKs it’s not just some random APK, but really you should be checking the signature yourself on each update and most people probably don’t.
3 Likes
Monzo’s apk files have been routinely uploaded to apkmirror for years by the same apkmirror account - an account suspected to be controlled by Monzo. This isn’t ‘mystery’, ‘smoke+mirrors’ (pun intended) or ‘dark web’ by any means.
I tend to get the apk manually from the official (beta) release app & decompile it for analysis before the same-version apk is uploaded to apkmirror.
@kolok is spot-on with the security PSA, check those signatures if you go down the unofficial route.
4 Likes
Speaking of which, haven’t you been served with 5.16.0?
3 Likes
I have.
But I’ve been holding out for updated flags (which are released/updated at any time - not in sync with an app release) to check something…
If no 5.16.x or 5.17.0 by Thursday, I’ll ignore the little birdy and do a teardown.
1 Like
2 Likes