SINGAPORE - When financial consultant Nicholas Yee, 46, tried signing in to the OCBC banking app on his Android phone on Monday, he received an alert about apps he downloaded from unofficial stores.

The alert also said he could not access the OCBC online banking services until these apps were uninstalled.

Mr Yee, who carries a Samsung Z Fold 5 and uses China-centric apps largely for business, said: “OCBC has no right to decide for us what apps we use in our daily life. Why do they think only apps downloaded from Google Play Store are legitimate and not malware?”

He added that there is anti-virus software installed on his phone to alert him about malware, and the software did not raise any alarms about the apps flagged as risks by OCBC.

Android phone users with the OCBC digital app got a security update on Saturday designed to protect customers from malware.

Users who had downloaded apps from other portals instead of an official store found that they were unable to access their OCBC online banking services. They would need to delete these apps to use OCBC app banking services again.

Official app stores for Singapore users include Google Play, Apple App store and Huawei App Gallery.

Mr Beaver Chua, head of anti-fraud at OCBC group financial crime compliance, said the security feature was rolled out in response to recent malware scams that often emptied the victims’ bank accounts.

Responding to customer concerns that the new feature flouts personal data protection rules, Mr Chua said the security feature does not collect any personal data from users. He said: “We want to make it clear we don’t monitor or conduct surveillance on the customer’s phone.”

Mrs Ong-Ang Ai Boon, director of the Association of Banks in Singapore, agreed and said that banks work closely with the Government and law enforcement authorities to fight malware scams.

“In order to detect behaviours consistent with known malware activities, a stronger security feature is being rolled out by banks,” she said.

Mrs Ong-Ang also said that the technology detects higher-risk behaviours which are characteristic of known malware activities when the banking apps are opened, and does not identify the owner of the mobile phone.

She added: “In rolling out these measures, banks always strike a balance between security and convenience. We seek the understanding of consumers, as scammers are deploying increasingly sophisticated tactics.”

When contacted, the Monetary Authority of Singapore (MAS) said it “strongly supports banks’ initiatives to bolster the security of digital banking”, and that it has been working closely with banks to “introduce measures to address the risks associated with malware-related scams, which an increasing number of customers have fallen prey to”.

“It is in the nature of new innovations that they may cause unintended inconveniences,” an MAS spokesman said. “MAS will work with the banks to learn from these experiences and continually enhance their security features.”

“Security measures will come with some measure of added inconvenience for customers, but they are necessary to maintain security of and confidence in digital banking.”

Mr Chua also said OCBC has not received reports of malware scams from customers who updated their app with the new security feature.

“Before last Saturday, we usually received at least one malware scam report from our customers a day,” he added.

Software developer and OCBC customer Chua Mei Ling said she welcomed the tighter protocols. The security feature, she added, is a good move to warn users about malware that can be inadvertently downloaded.

Madam Chua, 62, said: “Now when I log in to the app, there is a greater assurance that it is genuine, especially as scams evolve. I think all banks should be doing something like this to keep a step ahead of the scammers.”

Mr Jan Sysmans, a mobile app security evangelist at Appdome, said the initiative does come with good intentions. United States-based firm Appdome is a mobile app cyber defence platform.

Mr Sysmans said: “However, there are more measured approaches to achieving the same desired outcome, while still addressing the inherent risk and preserving customers’ experience.”