Hacker News

This all sounds like it could potentially be illegal, have you spoken to a lawyer and cleared it all?


Or potentially broken easily - since these are private APIs that the bank is free to change whenever they feel like it.


Not without pushing out an update to all of their clients. Which presumably they would know about.


Sure they might find out an App Update was issued in the App Store... but they cannot possibly know what API changes were made without reverse-engineering the APIs all over again.

Not to mention, once they discover what changed, now this service has to go make the changes on their system... meanwhile that bank doesn't work with this service anymore.

So the App is broken for some undefined period of time.


The bank has to deploy their client code to all of their users before they can deprecate the old API. That should give them plenty of buffer time to reverse engineer the changes.


That doesn't make sense.

"All" of their client code is a bunch of apps, that mostly auto-update. My bank (small town credit union) has a banking app that refuses to work at all unless it's the most recent version of the App. I see no reason why this would be a challenge for the bank - it's only a challenge for this service.


That doesn't stop them from deploying new APIs to their client software deactivated. Then "flip" a switch to cause it to behave differently all at once.


It seems like they would only find out after the update has been pushed, though - i.e., after the app has been broken.

Unless they have relationships with the banks now, and would be given a heads-up. Perhaps that's the case. It sounds like it may be.


Sure, but they've got plenty of buffer time since their app doesn't break when the new version is released, it breaks when the old API is actually deprecated. Just because you release a new version on the App Store doesn't make clients with old versions of the app disappear.


Consider that e.g. Barclays randomly breaks their own mobile app for substantial subsets of their own customers. Over the last 4 years or so, the app has been broken for me more than 2 of them because they apparently consider it acceptable to whitelist phones based on their own whim (if you have one of the big brand phones, presumably it usually works, but e.g. even users of relatively well known brands like Huawei can often find their new phones won't work with Barclays for several months before it gets whitelisted).

In other words, many of the big banks have such a dysfunctional relationship to internet banking that customers of many of them have learned to deal with not being able to use the apps for long periods of time - it's hard to imagine that a third party will be perceptibly worse.


Apps won't be updated instantaneously on devices, though. There'll have to be some backwards compatibility for a good while if the banks want to change their APIs drastically. You can't just shut down access to your customers' apps.


> You can't just shut down access to your customers' apps

Yes you can, and banks already do this. Even the E-Trade app refuses to work unless it's on the most current version. When you control the apps and the API, you can pretty much do as you please.



