this post was submitted on 19 Jul 2023
14 points (88.9% liked)

Technology

59235 readers
3429 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
14
Ally (bank)mobile app fails without connection to graph.facebook.com (lemmy.world)
submitted 1 year ago by s38b35M5@lemmy.world to c/technology@lemmy.world
18 comments fedilink hide all child comments
 

Not sure if this is a good place for this post or not, but here goes.

I reject outbound connections to meta domains at the firewall. I noticed this banking app refuses to prompt for login credentials unless I am on mobile or a public WiFi network. I watched my FW logs and noticed many rejected connections to graph[.]facebook[.]com.

I contacted their support team, but they denied the connection was their app. I shared the screenshot on this post and they closed my case without comment.

I emailed the address on the Google play store and they also denied the connection was their app. I shared the screenshot and they asked if I downloaded the app from the play store, implying the official app doesn't do this, but of course it does.They closed my case without proper resolution as well.

Just thought I'd share this here so people know that some banks make direct connections to Facebook to share analytics, without your knowledge or informed consent, and they lie about it when called on it.

top 15 comments
sorted by: hot top controversial new old
[–] ChatGPT@lemmy.world 5 points 1 year ago (1 children)

It’s probably NTP a lot of banking apps have extra protections and if it can’t determine the time from its own trusted authority it may not allow the connection.

[–] rcmaehl@lemmy.world 4 points 1 year ago* (last edited 1 year ago) (1 children)

Launchdarkly is likely a culprit as well. Just doing a background search reveals that the service allows dev teams to do A/B testing, enable new features without releasing a new version, and various other "dynamic" functions.

OP is on the wrong side of Occam's razor

[–] stardust@lemm.ee 3 points 1 year ago* (last edited 1 year ago) (1 children)

This is definitely probably it. I can't believe more things aren't broken by blocking launchdarkly

[–] Radium@sh.itjust.works 1 points 1 year ago

If you set it up correctly it defaults to a specific flag state if it can’t connect. I.e. always show the user the old treatment instead of the new if you can request the actual state of their enrollment.

They get blocked constantly and my old company just routed the requests through our domain so they’d stop getting blocked

[–] Doug@midwest.social 4 points 1 year ago (1 children)

So I just tested this. I'm not at home so I had to VPN in which is no issue.

  • I opened graph.facebook.com and confirmed it was working
  • I opened and logged in to my Ally app
  • I added graph.facebook.com to my pi-hole's black list as a regex entry
  • I opened graph.facebook.com in the browser and confirmed it was blocked
  • I force closed and cleared the cache on my Ally app
  • I opened and logged in to my Ally app

It's not the Meta connection that's giving you trouble.

[–] Another_Reddit_Refugee@lemmy.world 1 points 1 year ago (1 children)

I added graph.facebook.com to my pi-hole’s black list as a regex entry

Yes, but did you clear the DNS cache on your device after doing this? Once the DNS lookup is done it doesn’t matter what you’ve done on your pihole. The IP is cached and pihole will not even see the query.

[–] Doug@midwest.social 1 points 1 year ago

It's a fair point but I've got two counters.

  1. It was blocked in the browser, which implies there's not a cached record for it on the device

  2. The Pi-hole logs the queries it receives and I do have four separate entries for that URL today, spaced in an amount of time that does not imply automatic requests but does likely match up with my test cases.

[–] Yuper@lemmy.world 2 points 1 year ago (1 children)

I know a software developer that worked for Ally when they were adding this. They all said it was a terrible idea, but were ignored. The reason they claim it’s needed is to track app installs that originate from an ad on Facebook. Since the App Store sits in between the ad click and App launch, there isn’t an easy way to track it without that. But, it shouldn’t be blocking you from logging in.

[–] darthfabulous42069@lemm.ee 1 points 1 year ago

I'd bet you bottom dollar Ally is selling their customers' financial information to Meta, and this is a manifestation of that.

[–] db2@lemmy.one 2 points 1 year ago

Try unblocking the ntp.org connections.

[–] MangoPenguin@lemmy.blahaj.zone 2 points 1 year ago* (last edited 1 year ago) (1 children)

Something else is going on with your setup, I block graph.facebook.com via DNS too and Ally works fine, both app and browser.

Your screenshot looks like you're also blocking ntp.org which could definitely screw with a banking app, and launchdarkly.com may also be the problem if they're loading assets from that service.

[–] Morse@spgrn.com 1 points 1 year ago* (last edited 1 year ago)

LaunchDarkly essentially just serves up true/false values for services to grab. It can be useful to update code functionality without having to rebuild / recompile. However, any service that uses the launch darkly API should have a default state for their values to fall back on, so it shouldn't cause any major issues if LaunchDarkly can't be reached.

[–] FeelzGoodMan420@eviltoast.org 1 points 1 year ago* (last edited 1 year ago)

FYI this is why you DON'T use the banking app. Use a browser and I guarantee you won't have this issue. Phone apps are mostly all adware bullshit at this point. Use as few apps as you possibly can. Your life will be better because of it.

[–] kemsat@lemmy.world 0 points 1 year ago (1 children)

File a complaint with the government. I’m not sure which agency, but there is definitely one for that.

[–] 14specks@lemmy.ml -1 points 1 year ago

Not in the US there isn't

load more comments
view more: next ›