←back to thread

Technical Analysis – Improper Use of Private iOS APIs in Vietnamese Banking Apps

(blog.verichains.io)
90 points quyleanh | 1 comments | 28 Mar 25 07:04 UTC | HN request time: 0.209s | source
Show context
alephnerd ◴[31 Mar 25 14:56 UTC] No.43535762[source]
Sadly, it goes well beyond BIDV and Agribank as well. There is a lot of similar hacky fingerprinting done by all the Vietnamese banking apps.

My understanding is it's because there was some regulatory change in the last 1-2 years requiring identity fingerprinting using banking apps, and partially related with the new biometrics rollout [0]

[0] - https://xaydungchinhsach.chinhphu.vn/huong-dan-cai-dat-sinh-...

replies(1): >>43536648 #
1. NotPractical ◴[31 Mar 25 16:11 UTC] No.43536648[source]
So the law is now requiring that you find zero day exploits in iOS in order to make a banking app? Are there banking websites you can use instead? Are criminals incapable of using these websites for malicious purposes?