Technical Analysis – Improper Use of Private iOS APIs in Vietnamese Banking Apps

Summary

Bài viết tiếng Việt Yesterday, reports emerged in the Vietnamese infosec community that two popular banking apps – BIDV SmartBanking and Agribank – were using hidden / private iOS API to detect other apps installed on users’ iPhones. This behavior was initially highlighted by @opa334, developer of TrollStore, on infosec.exchange two days ago and later in a Facebook post on Vietnamse J2TEAM forum. The controversy quickly gained traction because such behavior suggests a violation of Apple’s policies and an invasion of user privacy.The initial information in the Facebook post mentioned suspicions regarding our BShield Mobile Security solution, leading to a misunderstanding that inaccurately affected the reputation of BShield and Verichains. Therefore, we conducted a thorough technical analysis of the mentioned bank apps BIDV SmartBanking (v5.2.62, updated on Mar 14, 2025) and Agribank Plus (v5.1.8, updated on Mar 25, 2025), detailed in this write-up, which also examines implications for users and the banking apps.Disclaimer: This analysis was released strictly for security research, transparency, and customer protection purposes. This document also aims to clarify false claims regarding BShield's involvement, promote technical transparency. While we strive for accuracy, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the information, products, services, or related graphics contained in this blog for any purpose. The information provided in this article is not intended to encourage, guide, or support any actions that violate the policies of Apple, Google, or current legal regulations. We shall not be held liable for any damages or consequences arising from the misuse of the information presented in this analysis.The apps (BIDV SmartBanking and Agribank Plus) were reported of using the private iOS API SBSLaunchApplicationWithIdentifierAndURLAndLaunchOptio...