Support #7098
[SCP ID :##3645##] : RMBP APK warning from playstore
| Status: | Closed - End of life cycle | Start date: | February 03, 2017 | |
|---|---|---|---|---|
| Priority: | Urgent | Due date: | February 09, 2017 | |
| Assignee: |  Zahir Abd Latif | % Done: | 100% | |
| Category: | - | Spent time: | - | |
| Target version: | - |
Description
Hi,
Kindly attend below request:
Please help to check as currently we got below warning from play store that our latest APK is requesting permission CAMERA, READ_PHONE_STATE, GET_ACCOUNTS, READ_CONTACTS
We need to know what is the need of APK Maybank2U for permission READ_PHONE_STATE, GET_ACCOUNTS, READ_CONTACTS?
History
#1
Updated by Rayvandy Gabbytian over 7 years ago
- Assignee changed from Tommy Arryandy to Ngoh Chee Onn
Dear Chee Onn,
Could you please check this?
Thank you.
#2
Updated by Rayvandy Gabbytian over 7 years ago
- Due date set to February 09, 2017
- Assignee changed from Ngoh Chee Onn to Aditya Prathama
- Priority changed from Normal to Urgent
Dear Adit,
Really need your help to check this for M2U android app. Bank would like to know what is the need of APK Maybank2U for permission READ_PHONE_STATE, GET_ACCOUNTS, READ_CONTACTS?
Thank you.
#3
Updated by Ngoh Chee Onn over 7 years ago
- Assignee changed from Aditya Prathama to Rayvandy Gabbytian
Hi Gabby,
According to the AndroidManifest.xml file from the package provide by i2s already include this all request permission. Please refer below for the need of this permission.
READ_PHONE_STATE - For Phone book integration
GET_ACCOUNTS - For Push permissions
READ_CONTACTS - For Phone book integration
Thank you.
#4
Updated by Rayvandy Gabbytian over 7 years ago
- Assignee changed from Rayvandy Gabbytian to Ngoh Chee Onn
Dear Chee Onn, Adit,
First of all you need to understand why bank asks that question. Google play store asked bank to report to Google because currently RMBP is using READ_PHONE_STATE, GET_ACCOUNTS, READ_CONTACTS. These are considered user sensitive data that user need to be prompted before accessing certain modules. This new requirement of Google Play Store is stated in this URL: https://play.google.com/intl/en_ALL/about/privacy-security/additional-requirements/
So bank need to explain the need of these accesses. If let say they are not used, then remove those function. If they are being used, then bank need to raise CR in order to build notification pop up or similar solution. Please find my response inline:
READ_PHONE_STATE - For Phone book integration
[Gabby] Which module need to use phone book integration?
GET_ACCOUNTS - For Push permissions
[Gabby] Does RMBP has push notification? For what purpose?
READ_CONTACTS - For Phone book integration
[Gabby] Which module need to use phone book integration?
Thank you.
#5
Updated by Ngoh Chee Onn over 7 years ago
- Assignee changed from Ngoh Chee Onn to Rayvandy Gabbytian
Hi Gabby,
After investigate into RMBP code, these function is not using in RMBP. May i know, when should remove those permission?
Thank you
#6
Updated by Zahir Abd Latif over 7 years ago
Dear Gabby/Team,
Any update on this issue?
Please do update whether I can close this case.
Thanks.
#7
Updated by Rayvandy Gabbytian over 7 years ago
- Status changed from New - Begin Life Cycle to Pending Customer Feedback
- Assignee changed from Rayvandy Gabbytian to Zahir Abd Latif
Dear Zahir,
As per latest update, IBM is still investigating the issue with lib PNG and Open SSL matters. So this case ID fixes has not yet gone through production. Please refer to Chee Onn / Amy for RMBP related issue.
Thanks.
#8
Updated by Zahir Abd Latif over 7 years ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
- % Done changed from 0 to 100
Issue closed in SCP.