Financial Apps on cell phone- risks/benefits ?

Katoslake

Recycles dryer sheets
Joined
Oct 4, 2020
Messages
143
Location
San Antonio
I was wondering how many of you have financial – brokerage apps on your cell phones? We have become acutely aware of security risks due to a stolen cell phone last week. It would seem that the safest way to avoid fraud and or theft is to not have the actual apps on the phone. I would love to know what people on this forum think. Thank you.
 
You can have the same security on a smartphone as on a desktop machine, so I wouldn't worry about it. Use 2FA and a VPN just like you do at home.
I actually like using a financial app on my phone a bit more because of the Face ID feature.
 
Yes, I trust my iPhone's security more than my desktop/browser combo. I prefer using my computer for the majority of my transactions though.
 
You can have the same security on a smartphone as on a desktop machine, so I wouldn't worry about it. Use 2FA and a VPN just like you do at home.
IMO a desktop is an entirely different security situation than something that I carry. Taking my cell phone or my tablet out into the world exposes it to significant risk of loss or theft. The risk of my home machine being stolen is low and the risk of my losing it is zero. And, actually, my home machine is a MS Surface and it gets locked in my gun safe when we are away for an extended period of time.
... It would seem that the safest way to avoid fraud and or theft is to not have the actual apps on the phone. I would love to know what people on this forum think. ...
I agree completely. I carry my cell phone out in the world and carry a Samsung tablet (primarily for email and news reading) when we travel for any period of time. Neither has any financial software or information on it and neither has ever been used even for internet access to any financial institution. In fact I have no idea why I would ever be accessing financial information or creating transactions when I am traveling. I am not a trader or a market timer and almost all of my bills are on automatic payment. Our trips have always been less than a month and a month on autopilot is fine for the financial stuff.
 
I have zero concern about financial software on my phone.

If someone steals my phone, they won't be able to unlock it. The phone has a TPM that's secure, as far as everyone in the non-spy world knows. Even if they unlocked the phone, they wouldn't be able to log into my bank or brokerage, because the apps for each institution have their own separate authentication.

If someone tells me how my phone and the financial institution authentication can be defeated, then I'll go back to the drawing board. But until then, it's pretty convenient to have all this stuff in my pocket.
 
I have my phone locked down with a PIN and use 2FA for many apps. However, when i travel internationally, my main phone stays at home. I use a barebones (app-wise) phone with my travel SIM just for peace of mind.
 
If someone tells me how my phone and the financial institution authentication can be defeated, then I'll go back to the drawing board. But until then, it's pretty convenient to have all this stuff in my pocket.
Well, you can be sure that if someone figures out how to defeat your protections you won't find out by someone telling you. :) I have no need to do financial stuff when I'm traveling so I have no need to have protections or any faith in them.
 
Well, you can be sure that if someone figures out how to defeat your protections you won't find out by someone telling you. :) I have no need to do financial stuff when I'm traveling so I have no need to have protections or any faith in them.
If you wouldn't find financial apps helpful on your mobile devices, then, yeah, nothing to gain by installing them.

If my protections are defeated, they are defeated for all Android OS users, or I guess all users who's phone employs a certain chip set. Thus, someone would tell me, because it would be front-page news! "Trusted Platform Module in Pixel Phones Hacked!" Loud and clear. But, as far as I know, hasn't happened yet.
 
So my son’s iPhone was pickpocketed last week. Within one hour the criminal was in the phone and had attempted to change gmail password which was subsequently locked for security. That meant that my son couldn’t use find my iPhone from his iPad to lock, wipe or freeze his cellphone. The criminals made 5 attempts to move money and also went into apple wallet and tried to use the credit card. The only reason they didn’t get anything was due to the apps knowing that the phone wasn’t in a typical location. Granted, my son had an easy phone lock password, but it was still scary how much phishing they were able to do. They also had access to his contact list. They texted and FaceTimed everyone in our family pretending to be him. They innocently asked for the ATT pin to our cellphone account. Luckily I contacted each family member and told they not to communicate with the stolen phone. I had already called ATT and frozen the account, but with an iPhone you can message with WiFi regardless of data plan status. That’s a brief synopsis
 
So my son’s iPhone was pickpocketed last week. Within one hour the criminal was in the phone and had attempted to change gmail password which was subsequently locked for security. That meant that my son couldn’t use find my iPhone from his iPad to lock, wipe or freeze his cellphone. The criminals made 5 attempts to move money and also went into apple wallet and tried to use the credit card. The only reason they didn’t get anything was due to the apps knowing that the phone wasn’t in a typical location. Granted, my son had an easy phone lock password, but it was still scary how much phishing they were able to do. They also had access to his contact list. They texted and FaceTimed everyone in our family pretending to be him. They innocently asked for the ATT pin to our cellphone account. Luckily I contacted each family member and told they not to communicate with the stolen phone. I had already called ATT and frozen the account, but with an iPhone you can message with WiFi regardless of data plan status. That’s a brief synopsis
Thanks for all of your thoughts and comments !
 
I never had a brokerage account app on my phone. I recently took all of my other financial apps off of the phone. I generally do my financial business at home on a laptop. If I need one, I can just download it.

I recently saw a news event where the bad guys held up someone and forced him to give up passwords. He lost a large amount of money. I do live in a big city and move about freely using public transportation. The chance of this happening is slim, but not zero. I also try to minimize cards in my wallet. I try to have a $20 bill to appease the robber. My precautions have worked since I have been living the big city life for over 60 years and never had a problem,

If I lived somewhere with less crime I probably would not worry about it.
 
Granted, my son had an easy phone lock password,
So, it seems like the lesson is "don't have a guessable phone lock password".

With biometric tech, there's really no reason not to make your phone lock password longer, since it's a rare case where you have to enter it. My phone makes me enter it occasionally, just so I don't forget it.
 
So, it seems like the lesson is "don't have a guessable phone lock password".

With biometric tech, there's really no reason not to make your phone lock password longer, since it's a rare case where you have to enter it. My phone makes me enter it occasionally, just so I don't forget it.
Yes, that is one of the lessons. But if someone gets in your phone, friend or foe, it then becomes a race as to who can take control of the device. There’s ways to slow them down and things to omit, but people with ill intent aren’t to be underestimated.
Hope none of you experience this !
 
Yes, that is one of the lessons. But if someone gets in your phone, friend or foe, it then becomes a race as to who can take control of the device. There’s ways to slow them down and things to omit, but people with ill intent aren’t to be underestimated.
Hope none of you experience this !
The passcode to get in the iPhone is 6 digits. Also the phone will not let you keep trying new codes until you get in, so this is nearly impossible I hope.
 
If they got my phone, I don't think there would be a race. They might try some short passwords (mine is long, random, across character sets). There's just no brute force way that I've heard of. The thieves would give up, do a factory reset, and sell it back to me on eBay :) This is for Android.

I did read an interesting thread here on E-R about how Apple phone thieves can find the phone owners email somehow (without access to the phone) and try to con the person to take some action that will make the phone sellable for full price (as opposed to the value of spare parts). They start out nice, but if the owner refuses, they claim to know where you live, and will send "Bubba" to break your kneecaps. The solution to that is easy, if you get contacted by the theif, just ghost them. They won't know they have a "live one".
 
The passcode to get in the iPhone is 6 digits. Also the phone will not let you keep trying new codes until you get in, so this is nearly impossible I hope.
It’s 4 digits unless you set it to 6. The most common passcodes are things like 1234 or 4567 etc according to the apple security person I spoke with. My son’s wasn’t that easy, but it was only 4 digits. The main thing is to put a 1 hour delay on changing the code (in settings). Also to change it frequently, especially if you don’t clean the screen often.
But to the original question, is having apps on your phone with the keys to your entire net worth, ….worth the risk ? I’m not a tech person, but I know for a fact that criminals are smarter than me ! That said, the financial apps on my phone will be greatly reduced.
 
Even if they get into the phone, they can’t login using financial apps. Those require their own password/validation.

It’s good for everyone to think about how secure their devices are from hacking, both phones/tablets and desktop computers. Both can be compromised. Personally, I’m more concerned with my desktop computer, since it’s much easier to install malicious apps.
 
I don’t have financial apps on my iPhone only because I don’t need access to my financial accounts when I’m away from home. From home it’s just easier to use my Mac, maybe iPad - and I have long complex passwords (most 16 characters), 2FA, face recognition and/or Touch ID on critical accounts. My usernames/passwords for financial accounts aren’t saved digitally anywhere except a thumb drive and hard copy. Right or wrong, when away from home I am more concerned about WiFi security than security of the apps themselves. I also delete history/clear cache after any sensitive session.
 
I don’t have any brokerage apps on my phone because I don’t routinely do transactions. Even if I did and someone got through the 8 character password and 2FA on the brokerage, they can’t move money out except to a registered bank account on the account. Creating a new registered account is very difficult as it has to be in my name and validated with micro deposits etc.

I do have my bank account app on my phone and use that very often as it is much easier than using my laptop.
 
What is happening in the UK and some other big cities is that they watch you enter the passcode in public and then target you for theft.

Either pickpocket or grab phone from your table at a cafe and run out, jump on waiting scooter.

Also a lot of apps will log in with your passcode if faceID fails. But that may be a security setting.

You can set longer than 6-digit codes, even alphanumeric.
 
I’m not aware of any app that uses my phone’s passcode?

If I can’t use FaceID, then I have to login using my account name and password.
 
One thing to consider, Apple wallet has no passcode once in the phone. If there are any cards, accounts, tickets etc then they are able to see those and try to initiate transactions.

I appreciate all the comments. I have 2FA, long, unique passwords and ID's as well as voice recognition for my accounts.
It is still very disconcerting when you can see a stolen device on your family Life360 being charged and moving around a city and having 6 financial transactions attempted. No way to turn off the WiFi on the stolen phone and no way to know what they can see or access.
 
One thing to consider, Apple wallet has no passcode once in the phone. If there are any cards, accounts, tickets etc then they are able to see those and try to initiate transactions.

I have my Apple wallet open now on my iPhone and I can't see any card details, just the last 4 digits of each card.
 
In wallet if you highlight a card, go to upper right and hit the circle with 3 dots, go to card details and select Express Transit Card, this allows you to turn off Face ID and just wave for transactions.
Again, I don’t know as much as criminals know, but criminals seem to evolve at least as fast as security does.
 
Back
Top Bottom