Do banking apps really need all these permissions?
I don’t use net banking apps on my phone because the mandatory permissions they ask for make no sense.
Why does a banking app need access to my SMS, phone, contacts, etc., in the name of security, when not seeking invasive device permissions is, in fact, the global benchmark for cybersecurity? This is called the Principle of Least Privilege (PoLP).
“Don’t do unto others what you don’t want done unto you” has been at the heart of the Zerodha philosophy.
This is exactly why we’ve built Zerodha the way we have. Kite asks for ZERO permissions on mobile, for instance, and this is one of the big reasons why millions of people trust us. What has enabled us is SEBI’s mandatory strong two-factor authentication framework, which strikes the right balance between security and privacy.

Exactly my experience. I used the Axis mobile app once and deleted it, but net banking still asks for a mobile app code—very frustrating.
Security should be simple, not complicated. Zerodha proves this.
@Nithin Kamath, you should seriously consider opening a bank with a user-friendly approach. It would be a game changer.
Because the IT company collects the data and sells it. The bank execs are paid a commission for allowing this to happen and the banking regulator is sleeping.