Do mobile apps have cookies?

goodValue

Twice recently, it looked like cookies were being put on my smartphone by a banking app.
After logging on, there was a cookie information screen much like what you get when accessing a website with a browser.
I thought that the technology for browsers and apps was quite different, and that you could control what was put on your phone via app permissions.

So was this just a browser page mistakenly put on the app, or do apps really have cookies?

Neil_Jones

goodValue said:

Twice recently, it looked like cookies were being put on my smartphone by a banking app.
After logging on, there was a cookie information screen much like what you get when accessing a website with a browser.
I thought that the technology for browsers and apps was quite different, and that you could control what was put on your phone via app permissions.

So was this just a browser page mistakenly put on the app, or do apps really have cookies?

Quite a few "apps" are just web browsers in new colours fixed to access specific pages.  So yes they are subject to cookies and things (which are part of internet life on any device, not just desktops and mobiles).

As a general rule if you can do something through a web browser the associated app may just be a repackaged browser.  The NHS app behaves like this because the "app" just loads this: https://www.nhsapp.service.nhs.uk/login - and the code hides the App links when it knows its on a device.  You may get access to extra security provided by things like finger print scanners, face recognition etc, as supposed on your device.

[Deleted User]

They can do but depends on the app.

Some apps are either just a web browser that has been customised for that particular app or include a web browser in the app and as such, they can use cookies. But mobile apps are sandboxed so other apps and browsers can't access the cookies.

I thought that the technology for browsers and apps was quite different and that you could control what was put on your phone via app permissions.

When it comes to what is put on your phone by an app, then you actually have less control than cookies. Apps can store data locally in files/databases as required by the app and doesn't need your permission to do that. Apps therefore can store much more data than a cookie if needed so I wouldn't be worried about cookies if you are concerned about the data an app stores on your phone.

goodValue

Thanks for the explanations.

I've seen a number of threads on this forum about security. One conclusion I came to was the less information you make available (social engineering/data on devices) the better.
So is there any particular actions particular to apps that one can take to enhance security?

forgotmyname

They store data which could be in the same category as a cookie. Check the app info you will see how much data the app stores.

km1500

"After logging on, there was a cookie information screen much like what you get when accessing a website with a browser."

I am curious - which banking app gives you a cookie consent screen - I have never seen one on an app?

goodValue

It wasn't a consent screen, I don't remember seeing any Accept buttons.
That's one of the reasons I thought it was an anomaly perhaps mixed up with the browser code.
Remember it only happened twice, in perhaps two years use.

AstonSmith

km1500 said:

I am curious - which banking app gives you a cookie consent screen - I have never seen one on an app?

I've seen one on the Barclays Bank app. I do believe (as stated by Neil) that it's just a mobile website in app form.

km1500

I have had Barclays at for some time and never seen that - unless you mean something else

In any case it wouldn't be cookies there is certainly no way Barclays app would stash a cookie in for example the Google Chrome cookie depositary or Samsung Internet cookie depositary. It would all be stored within their own data cache associated with the app

When you speak about a mobile banking app being basically a Web page in disguse, then if you mean that the mobile app client code runs talking to the server backend well then yes.  And of course they both do the same function for example displaying transactions and balances. However that is where the similarity ends - there's no way a mobile banking app is any other way similar to for example a Chrome Web page.

AstonSmith

In the settings there's a section detailing their cookie policy. Further within the settings there's an area where you can set your "data preferences", with the usual language of a cookie consent box. "Strictly necessary", "functional", "performance" and "tracking" toggles. It even mentions the cookie policy in the introductory text.

I had always assumed it was an HTML5 application within a Webkit box, at least on IOS. Am I wrong? Quite possibly, but I think it's way too slow to be a native app.

But yes, of course the cookies would be isolated from the main web browser.

goodValue

I have had a look at the Android Settings for the app (HSBC).
There were no permissions for the app, though it does appear to have somehow stored data.

User data   5MB
Cache        1MB

There are buttons for "Clear Storage" and "Clear Cache".
Is there any value in clearing this data?