Why does Apple allow Plaid apps in the App Store?
Handing your password over to Plaid gives them every bit of data accessible from your bank's web account. They can get as much information in the time it takes to screen scrape your account as the credit bureaus have collected on you in years. Their TOS lets them get everything available as far back as your bank will let them go and does not contain any financial guarantee whatsoever for when they are inevitably hacked.
But now apps are being approved that use Plaid without even confirming to the user that they are talking to Plaid because it's all being done in-app! No one can tell if they are sending their bank login (username, passsword, sometimes security questions / answers & one-time-passwords) to Plaid or a random third party because it happens outside of a browser.
Why is Apple approving apps that use Plaid?
3 comments
[ 4.1 ms ] story [ 19.8 ms ] thread- Zero granularity. You are granting Plaid and the company you are connecting to everything if you auth in -- no ability to select categories of data or specific accounts. In fact, you don't even get to know what you are granting access to.
- Bank fraud protection? It's unclear that your bank would decide to cover fraudulent transactions that happen after you willingly hand your login over to a third party.
Account + routing numbers do this just fine over ACH and come with fraud protection for me — we are trading our own protection for someone else’s (whatever third party is using Plaid) and gaining nothing in return in addition to giving them all of our financial data. Incredibly, the transactions performed after linking to Plaid are probably all ACH anyway.