Not sure if this is a good place for this post or not, but here goes.
I reject outbound connections to meta domains at the firewall. I noticed this banking app refuses to prompt for login credentials unless I am on mobile or a public WiFi network. I watched my FW logs and noticed many rejected connections to graph[.]facebook[.]com.
I contacted their support team, but they denied the connection was their app. I shared the screenshot on this post and they closed my case without comment.
I emailed the address on the Google play store and they also denied the connection was their app. I shared the screenshot and they asked if I downloaded the app from the play store, implying the official app doesn’t do this, but of course it does.They closed my case without proper resolution as well.
Just thought I’d share this here so people know that some banks make direct connections to Facebook to share analytics, without your knowledge or informed consent, and they lie about it when called on it.
All the technical discussion is interesting. But perhaps more importantly, is it time to consider a new bank?
Naw Ally is a good bank.
That’s a pretty impressive reputational improvement for something that started out as the finance arm of General Motors.
I have had them for well over a decade now after yeeting US Bank to the curb. Their customer service is top notch, there’s never been any fuckery whatsoever with my multiple checking accts, and the $10/month reimbursement of out-of-network ATM fees is solid.
I was even able to get someone on the phone when I was in the middle of a casino at 1AM at a bachelor party, to get them to temporarily raise my ATM daily limit so I could continue the party. They would have to do something terribly egregious to get me to leave.
Requirement to use Facebook argues otherwise.
If that was actually the case then maybe. But I see no proof of that.
It doesn’t require you to use Facebook though. They might use FB analytics or tracking, but probably dont, or only for very few users.
Exodus Privacy detects trackers in apps, here is their report for Ally: https://reports.exodus-privacy.eu.org/en/reports/com.ally.MobileBanking/latest/
Many other apps contain way more and worse trackers, just some Amazon and Google Firebase is on the light side.
“They’re not the worst” isn’t particularly persuasive.
I don’t have a dog in the race, and I’m not likely to do so long as this is a question.
Given the state of banking and corporations in general in the US sometimes “not the worst” is the best option
Agreed. But even the best bad option is still a bad option
Ally may be a fine institution that just happens to employ a questionable programmer who likes too many of the wrong trackers. My original point was that, if OP can’t use their services because something they do is a deal breaker, it’s time to switch to a different financial institution — perhaps a member-owned credit union.