Google to ban financial lending apps from accessing user photos, contacts

This feels like treating one particularly visible symptom of the problem instead of fixing the actual problem. What Google should do instead is prevent apps from refusing to work or disabling unrelated functionality just because some permissions are denied (e.g., if you deny your banking app permission to access your camera, everything but mobile check deposit should still have to work). They should use a two-pronged approach to do so:<p>1. Make that a rule in the Play Store and ban apps that violate it<p>2. Make Android present convincing fake data to apps when permissions are denied

They need to ban that Dave app. I signed up because it offered a loan for $500, but when I got in the app they forced me to &quot;connect&quot; my checking account, sucked up all the data, then offered me only $20. With a daily notification to setup one of their &quot;checking accounts&quot;.<p>The app was advertised as a short-term loan with borrower-friendly terms (&quot;give us a tip!&quot;) -- yeah right. Come to find out it&#x27;s just a new accounts funnel. Yet this app is allowed to blatantly exist on the app stores, despite not doing anything like what it was advertised to do and tricking you into handing over all your transactions data from your checking account (probably to look at your cash flow and decide how valuable you are from a new accounts perspective).

&gt; predatory loan apps<p>Loan sharks?! We reached a point when I don&#x27;t even allow chat app (WhatsApp) to access my contacts. Banks&#x27; apps love contacts as well (&quot;send money to phone number&quot;). With &quot;convenience&quot; bait they get birth dates, physical addresses, emails, profile photos, and whatnot. I see from behind my keyboard how banks salivate to calculate some credit worthiness from the contacts uploaded (and confirmed by the entry in the other person&#x27;s address book).

It&#x27;s &quot;good&quot; in the same way that &quot;google stops punching man in the face&quot; might be good.<p>In a sea of predatory applications, why is lending the only one that gets blocked here? A whitelist would be better (say approved photo and contact apps could access photos and contacts), and better still would be the app can only access what you transfer to it and doesn&#x27;t get blanket permissions.<p>I also agree with the other comment that this shouldn&#x27;t be within Google&#x27;s power to decide, it should be regulated - if you force a closed OS on users, you should be limited in what it can access

Europe has the KYC (know your customer) and AML (anti-money laundering) regulations.<p>To satisfy KYC&#x2F;AML, providers of financial services on apps thus ask to see photo id and pair this with a photo taken by the app itself.<p>I&#x27;m not fully across the KYC loopholes, but it seems like this would make fulfilling the regulations very difficult or potentially impossible as the required identification options needed to satisfy KYC each include a headshot.<p><a href="https:&#x2F;&#x2F;www.ecb.europa.eu&#x2F;paym&#x2F;groups&#x2F;pdf&#x2F;dimcg&#x2F;ecb.dimcg210127_item3.1b.en.pdf" rel="nofollow">https:&#x2F;&#x2F;www.ecb.europa.eu&#x2F;paym&#x2F;groups&#x2F;pdf&#x2F;dimcg&#x2F;ecb.dimcg210...</a>

I think the OS should provide the ability to select items and then give opaque handles to applications. The app could send a message to the OS to display photo selector. The OS could send a message back with a handle to selected photo. One could then asks the OS to send a handle, which would forward selected item somewhere else.

How about we leave access to Contacts only to apps that, you know, allow you to contact other people and legitimately need either the email or number? Make it a global XOR: you can ask for Contacts OR credit card&#x2F;financial data, but not both.<p>In any case, there is never a legitimate need to know the entire address book to &quot;send money to your contacts&quot;: mobile OSes could just offer an interface to manually pick a single contact and return it to the app, which could then validate it as a financial partner

I reality, very few apps should have access to that data in the first place.

I never understood why Program permissions is such a big deal on Android and IOS, but not on Desktop Windows&#x2F;Linux, where <i>any</i> application can to <i>everything</i>.

Very few apps should have full contacts access. There should be a way to share a contact at a time with an app, like if I want to send an email payment through my banking app, it should call an android function to open a contact selector so I can share just that one contact. Or really, just the email address of that contact, not the rest of the data I may have associated with it.

I am curious. Why not give each app a private copy of common user resources? Every app has access to contacts but by default only the ones they create. Then android should allow sharing across apps based what the user wants to share. It would be a little bit tedious to share but an OS provided sharing tool can reduce that friction.

Off topic of the lending apps but something I have long wanted to see is actual information about the data accessed by these apps.<p>Maybe Android has this, but on iOS I can go into privacy and easily see what apps have access to what data (and easily revoke that permission).<p>But I don&#x27;t see any kinds of metrics that would indicate that an app is possibly abusing that permission.<p>For example, it would be awesome if I could go look at photos or contacts and see a percent for how much that app has accessed that data and maybe even a graph overtime so I can see if it was a one time thing or its mining for data.<p>There is the app privacy report on iOS that gives me some of this data, but it doesn&#x27;t give me how much data it is accessing. Which I think is the critical part.<p>If I give an app access to my photos I expect its going to access it, but without knowing what its doing its not quite as useful. Still useful, but not as useful.

What we really need is finer-grained permissions like “let the OS pick a photo and hand it to the app” and “let the OS pick a contact and hand it to the app” and then require that most apps use that instead of overly-broad permissions that will be abused.

I am so sad that I live in the society which is needed in such regulations. This change sounds like something good, but ability of vendor to do all kinds of things with a device makes me a smartphoneless person.

Didn&#x27;t google flat out ban pay-day loan businesses from buying ads on Google search? Why would they even let them in the app store.

Recently wanted to know what day a particular date was, so on Samsung, I opened the first calendar app I could find. On opening it asked for location, I denied its request and the application shut down. WTF. I understand why a calendar might want location, but it did not need it to be used as a calendar. Such crap....

Wow, those are an entirely new category of dark patterns. Sending manipulated photos of relatives to get someone to pay a debt. Incredible. All those Meta employees that were lamenting the damage caused by their work at a social media company can rest easy when they tell themselves that at least they aren&#x27;t working for a Kenyan scammy loan app.

There’s currently a lot of pressure for Apple to allow alternative app stores or sideloading.<p>That means more choice, but can also weaken the protections for users. Alternative stores will likely have more loose policies for what apps&#x2F;behavior they accept.

Maybe I&#x27;m just being a smooth brain, but wouldn&#x27;t that mean I can&#x27;t deposit a cheque by taking a picture of it anymore?

“Apple is evil bro, we need to remove any sort of restrictions on what apps can do”

So I take they also prevented Google Wallet from accessing that data?

Was was that ever allowed in the first place?!

This is a cool feature, good job Google.

Do we really need apps? Usually when I want to use one, I&#x27;ve got to update it first. Better to just use websites.

Except for Google Pay.