As part of our ongoing efforts against cybercrime and to protect your Online Banking experience, we will be introducing an essential security feature to the OCBC Malaysia Mobile Banking app.

Starting in October, you will not be able to use the OCBC Malaysia Mobile Banking app if you have any applications on your devices that are not downloaded from official app stores such as Google Play Store or Huawei AppGallery. To login, we recommend that you uninstall such apps. You do not have to delete the OCBC Malaysia Mobile Banking app.

The latest versions of the OCBC Malaysia Mobile Banking app on Android are designed to work better and be more secure on devices where the apps are downloaded from official app stores such as Google Play Store or Huawei AppGallery. These apps go through a verification process before they are available for download. On the other hand, apps from other sources such as websites or apps installed using Android Package Kit (APK) files are not verified. These apps may have security vulnerabilities and can potentially be easily infected with malware. This can give cybercriminals control over your device and potentially access your banking app(s) and personal information.

Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you may turn off ‘Accessibility’ for these apps. You can do so via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps*.

Turning off 'Accessibility' will cut off scammers’ remote access to, or keylogging of, your phone and any access to your bank account(s). However, we do not recommend this option because of the residual risk – cybercriminals may still exploit ‘Accessibility’ services to compromise your devices. The preferred and safer option is to uninstall apps not downloaded from official app stores to completely remove the risk of malware from such apps.

*The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

The OCBC Malaysia Mobile Banking app will now work more securely on devices whose mobile apps were all downloaded from official app stores. Malware attacks may emerge from apps that are downloaded from websites and other sources (i.e., not official app stores), potentially giving cybercriminals control of your devices.

The pop-up message is meant to inform you that apps from unofficial sources have been detected on your device. It is recommended that you uninstall these apps or disable their accessibility permissions in your device settings.

Here is what the pop-up message looks like:

You don't need to delete, download, or perform any action on the OCBC Malaysia Mobile Banking app. Instead, please uninstall the unofficial apps displayed in the pop-up message or disable the 'accessibility' feature for those apps.

We view privacy seriously. We do not conduct surveillance on customers’ device. The new security feature does not collect or store any personal data from your device; neither will it identify the owner of the device. We do not collect or store information on how our customers use apps installed on their mobile device.

Instead, an additional security check is simply performed directly at the device level. This means that no information or data will be transmitted back to us. The information collected at the device level is only used to identify if certain security parameters are not met. These parameters include apps residing on a device which were not downloaded from an official app store, and which have ‘Accessibility’ turned on. Apps with ‘Accessibility’ turned on can render your device more vulnerable to exploitation by hackers, scammers and other bad faith actors using malware.

We apologise for the inconvenience caused and seek your understanding that the security feature was implemented to protect our customers from malware or suspected malicious apps. Please refer to our article on malware for more information on how you can protect yourself.

This security feature was implemented with the intent of protecting our customers from malware and potential malicious apps. If you wish to continue using your OCBC Malaysia Mobile Banking app alongside apps that are downloaded from websites and other sources (i.e., not official app stores), you may turn off ‘Accessibility’ for such apps.

Yes, you will still be able to access the OCBC Malaysia Mobile Banking app for now. However, we strongly recommend that you consider deleting any unofficial apps for safer banking.

Alternatively, you can turn off the listed apps’ ‘Accessibility’ via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed apps*.

*The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

Accessibility services, like text-to-speech and speech recognition, are designed to make technology easier to use. For these services to work, advanced Android system permissions have to be granted to the app requesting them, such as allowing the app to read the text on the device’s screen or record text typed using the device’s keyboard. The latter, for instance, could be used to record your online banking login details.

The path to changing Accessibility settings may differ by device manufacturer and operating system.

Here are the possible paths for some popular phone models. If you continue to face difficulties with changing the Accessibility settings, please check with your device manufacturer.

Samsung Galaxy Devices: Settings > Accessibility > Installed Apps or Installed Services

Oppo A78 5G / Reno8 5G: Settings > Additional Settings > Accessibility

Oppo Find X2 Pro / A17: Settings > System Settings > Accessibility

Huawei P50 Pro: Settings > Accessibility features > Accessibility > Installed Services

Huawei Nova 3i / Nova 5T: Settings > Smart Assistance > Accessibility

Huawei Mate30 & Huawei Y9a: Settings > Accessibility features > Accessibility (Scroll down to Downloaded Services)

Google Pixel 5 / Pixel 3 XL: Settings > Accessibility

Redmi Note 10 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

Poco X5 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

This security feature flags apps that have been downloaded from sources other than official app stores. You may have downloaded them from websites or other sources. If you need to continue using these apps, we advise you to first uninstall them and then download and install the most up-to-date version of the app(s) from an official app store.

Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you can consider turning off ‘Accessibility’ for these apps – via the Settings menu on your device (e.g. on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps). This step will help to prevent your device – and OCBC account(s) – from being controlled by cybercriminals looking to exploit potential vulnerabilities in these apps (because ‘Accessibility’ is turned on).

Should you require further assistance, please provide more information to us via our OCBC customer feedback form.

This new anti-malware security feature is applicable to Android users as apps downloaded from other sources (e.g., official brand websites or apps installed using Android Package Kit (APK) files) are not verified and they tend to have more security vulnerabilities and so are more susceptible to malware infection.

Android are built to work more optimally and securely on devices whose mobile apps were all downloaded from official app stores (e.g., Google Play Store or Huawei AppGallery).

The list includes:

Google Play Store
Samsung Galaxy Store
Huawei AppGallery
Xiaomi MI App Store
Amazon appstore
Vivo V-Appstore
Oppo App Market

First introduced in Singapore by OCBC on 5 August 2023, the OCBC anti-malware security feature has – until 31 July 2024 – potentially prevented scammers from making away with more than SGD46 million, from more than 373 customers’ OCBC accounts.