Public Bank will soon discontinue its old PB Engage app from June 2025 and customers are urged to make the switch to the newer MyPB app. The new online banking app is available on the Apple AppStore, Google Play Store and Huawei AppGallery.
However, if you’re using an Android phone, the new MyPB app may pop up a security notice informing you of apps that may cause security vulnerabilities, privacy breaches and potential data and monetary loss. We’ve installed the app on various Android phones from Oppo, Samsung, Xiaomi and Honor and here’s what we’ve discovered.
Native apps on Samsung, Xiaomi and Oppo flagged as security risk by MyPB
On the Samsung Galaxy S24 Ultra, the MyPB app flagged a lot of pre-installed native apps as a security risk which includes Samsung’s Text to Speech language packs, Calendar, Calculator and even Samsung Kids. Similarly on a Xiaomi 15, it flagged native apps such as Screen Recorder, Mi Mover, Mi Remote, Calculator, Weather, Clock and Xiaomi Home as security risks. Meanwhile, on the Oppo Find N5, the app has listed Clone Phone, Screen Lock, Translate, Notes, AI Studio, IR Remote and My OPPO as risky apps.
The reason why this is happening is because MyPB considers any applications installed via “unofficial stores” as a potential security risk.
The thing is, these third party app market or stores that come with the phone such as Samsung’s Galaxy Store, Xiaomi GetApps and Oppo’s App Market are actually legitimate app distribution platforms from the respective smartphone brands.
Interestingly, the Honor Magic 7 didn’t pop up any warning messages as the Honor flagship smartphone relies solely on Google Play Store for app downloads.
While it is true that downloading apps from unknown sources including direct APK files are a huge security risk on Android phones, the MyPB app seems to have gone overboard when it comes to security precaution.
Below its security message, users can still proceed to install the MyPB app but they will be greeted with a message saying “By proceeding, you acknowledge the potential harm and financial loss that could arise from using apps installed from unofficial stores”.
To make it more worrying, there’s also a note that says “If you choose to retain these apps and proceed, you acknowledge that you are aware of the risks associated with installing apps from unofficial / unknown sources including but not limited to the potential exposure as stated above and you agree to accept the risks. The Bank shall not be held liable or responsible for any issues arising from these risks.“
Public Bank should relook into its security assessment for third party app stores
Online scams are on the rise and it is important that all parties including financial institutions and consumers play their part to mitigate risks of financial fraud and scams. However, in this situation, a blanket labeling of all apps downloaded by third party stores as a security risk doesn’t seem to be the right thing to do. Most of these pre-installed apps such as Calculator and Calendar are permanent and they can’t be removed by the user.
Hopefully, the folks at Public Bank would look into this issue as the warning messages may cause unnecessary panic and doubt about their smartphone’s security.
Special thanks to RKMD member Swee Huatz for bringing this matter to our attention.
