Frustrated dev makes own Absa app
A 24-year-old technology entrepreneur has made his own Absa banking application after having grown tired of waiting for an official one from the bank. By Craig Wilson.
Having read that Absa would not be making an official banking application available until the end of the year or early in 2013, Johannesburg-based developer and entrepreneur Tyler Reed, frustrated at the time it is taking the bank to develop the app, has opted to make his own.
Essentially a “wrapper” for Absa’s mobile banking portal, Reed built the app to improve the mobile banking experience on his iPhone.
“It’s about 80% complete,” says Reed. “It uses the mobile banking portal and scrapes the necessary information from it. Absa doesn’t offer an open API [application programming interface] so I made another plan.”
Reed says the mobile banking portal offers a good experience on feature phones but that it’s “terrible” on smartphones like the iPhone. Using HTML5 and CSS for the front-end and PHP for the bank-end, Reed says his app works via his iPhone’s browser and this allows him to create a shortcut to it on his home screen. This makes it behave, to all intents and purposes, like an app.
“I’ve been waiting for almost a year since Absa first said [an app] was coming,” he says. “When I read it was coming out in the fourth quarter of this year or the first quarter of next year I decided to make my own.”
Reed says his solution could be ported to any of the major smartphone operating systems with relative ease. He says he hasn’t submitted it as a standalone application to Apple’s App Store because he didn’t want to wait for it to be approved and suspects Absa would oppose the move.
“Making it public is a concern from a security side,” Reid adds. “I would need to make sure that it was entirely secure before I even considered making it public.”
He says he is unsure of Apple’s policies about third-party programs that aren’t endorsed by the service with which they integrate and that his intention isn’t to tread on Absa’s toes. It isn’t his intention to embarrass Absa, but that part of his motivation for creating the app was that he is loyal to the bank and doesn’t want to switch to one of its rivals, Reed says.
To date, the process has taken Reed about 30 to 40 hours of development work. He says he suspects it would take about 100 hours to “really polish it”.
“The fact that I’ve been able to do this, alone, in less than two weeks in my spare time makes me question [Absa’s] strategy,” he says. “I’m also wondering if, at the end of the long wait, the application they release will be any good.”
Reed says he undertook the exercise as an “experiment” to prove an application-like interface “could be built on top of Absa’s existing stack seamlessly”.
“All banking interfaces are poor,” says Reed. “I wanted to build the experience that I would want.”
Because of the importance of security when dealing with banking data, Reed says his app was coded with security in mind. “Nothing is stored on the server side. The app stores temporary session data, which is encrypted, and plugs a small hole on Absa’s side in the process.”
Elaborating, Reed says Absa’s session management isn’t severely flawed, but that it isn’t perfect. “If someone got hold of your session IDs, they could log in because [Absa] isn’t matching devices to sessions. I’ve been solving those problems on my end.”
Reed has no plans to release the app to the public, especially in light of Absa’s comments about users who give their details to third parties not being covered in the case of fraud. He says wouldn’t want to put people in a similar position by encouraging them to use his app.
However, he says that even if someone were to get into his server and gain access to session data it would be useless to them. “By the time anyone decrypted the data the session would have expired. I’m making sure the login process from my side is safe. The originating device is the only one allowed for the session.”
Christo Vrey, Absa’s managing executive for digital channels, says the bank acknowledges that some of its customers are anxious for a full-fledged mobile app but suggests that the final product, when it is eventually released will be worth the wait.
Vrey says it’s important to Absa that as it rolls out new platforms, future functionality can be provided to all of them simultaneously to provide an experience that is “integrated across all channels”.
When the bank began its digital overhaul in late 2010 and early 2011, Vrey says it realised that it would “have to wait on some components” and that competitors would probably get apps to market first.
“An app is very important; we can’t say it isn’t. It’s part of our plan, but we’re holding out to bring something to market that will be next generation in the application space. The negative part is that we keep our customers waiting, but we hope the product will make amends. I have no doubt you’ll see incredible download statistics once it comes out.”
Vrey says Absa could have put out a basic app that didn’t expand on the current functionality of existing channels to “silence the noise”. But he says this isn’t in keeping with Absa’s longer-term goals.
Absa’s application, he says, will be “customised and optimised” for both smartphones and tablets. “I’m confident and excited and bullish about what we will put down. Unfortunately, though, the next couple of months are going to be a game of patience.”
Vrey says he would rather not comment directly on Reed’s app, but concedes some customers are frustrated, especially those on the leading edge technologically.
He says the bank will stick to its “unambiguous” message that users should never give their banking credentials to a third party. “Suggesting that it’s acceptable to provide your credentials to a third party is a difficult message, even when the third party seems credible.”
Another obstacle to Reed’s app, were he to make it public, is that he would essentially be representing Absa’s brand, a move Vrey says the bank would have to challenge “out of principle”. — (c) 2012 NewsCentral Media