The Commonwealth Bank has decided to tap Google for security assistance with its CommBank app, which now also acknowledges the use of open source software packages.
Users of the app were last week greeted with news of the twin updates.
One update explained that the app had started to make use of Google Safetynet, a service billed as “a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users.”
“The Google Safetynet feature does not involve CommBank sharing data with Google, but rather, the Android device shares some data with Google in order to provide an assessment of the device security, which we then use to detect certain types of fraud and cybercrime," a CBA spokesperson told iTnews.
The second update to the CommBank app added open source licences, which the bank's spokesperson said was “a decision to acknowledge the use of third party components within our apps, where appropriate”.
The spokesperson added that “this transparency, if anything, benefits security.”
“We take security seriously,” the spokesperson added.
“Every version of the CommBank app, including the open source components, is rigorously scrutinised and scanned by our engineering and cyber security teams for any potential vulnerabilities, and to ensure it is safe to use."
All of the open source components used in the app use the Apache licence. The packages used are:
- Adapter: Rx Java 2
- ButerKnife Reflect
- COvnergter: Gseon
- LeakCanary for Android
- Material Components for Android
- Mosby Model-View-Presenter
- Mosby mvp-nullobjet-presenter
- OkHttp Logging Interceptor
- PhotoView Library
- Picasso 2 OkHttp 3 Client
- Zxing Android Core
- ZXing Core
If you think any of those are concerning, send us some feedback!