There’s a privacy issue in the app which i would like to report.
When we tap on share referral code button, it asks for contacts permission & when we deny it doesnt let us share the link through any channel.
I understand contacts permission is required when Dhan wants to auto detect which contacts are already onboarded and which are left to onboard like it happens in Cred.
But if i just want to share the link to somebody on whatsapp, it doesnt make any sense to make the contacts permission mandatory. You can keep it recommendatory in nature when a user wants suggestion on which contact to send the link. But if i dont want your suggestion, then sharing the link on my own should be allowed without mandatory contacts permission.
There are many many many apps which allow the sharing of link , documents, etc without the need of contact permission.
I see it as a privacy issue & you all should do too.
We use multiple checks (sessions data, device binding etc) to understand the need of biometric on your device. Get in touch with us at help@dhan.co and we’ll be happy to assist you.
Sir, copying the referal link and sending involves multiple clicks which has no sense.
Also, when click on refer & earn on the hamburger menu , it asks us for contact permission & if we deny then it will take us back.
Only if we visit the refer & earn section from inside the profile section, then it will allow us to copy the link.
if you can enable sharing the link directly from the app without contact permission it would be great. & you know thats very much possible.
Also, my question would be why do you need contacts permission? you dont process the contacts & give suggestion on which contact is not on dhan then whats the need of contacts permission ? why do u need this data ???
If dhan uses Algorith to find out whether biometric is required or not then it should give us an option to use algorithm or every time biometric login as per our convenience.
If i am not wrong, there is a mandatory requirement by sebi as well to do 2FA & thats why you will see it mandatory under every broker.
even on indmoney, if you just open the app it won’t ask for biometric but if you want to access the stocks/mf section, then biometric is must.
i think that option to use biometric permanently or to use algo of dhan should be in the hands of the user.
and yes contact permission on refer & earn still seems unnecessary.
Hi @Champion_Trader As long as the current session is valid and authenticated, the app will work. The moment it is invalidated, you will be asked to re-authenticate it.
Security of financial apps is important, we do all measures possible to ensure things are done right - you will be suprised to know how many requests we have got asking us to keep login with OTP only and we have struggled to communicate that these processes work as per regulations defined and not feedback we get.
Well @krishag you do have option of sharing referral link without giving contacts permission - it is completely upto the user. And we continue to give referral credit to user even if the user has given contacts permission or not. It works both ways, for both set of users.
Yes, for authetication I have referred to in other response.
hi @krishag with contacts you will see who among your contacts is on Dhan and who is not. So you can refer only those who are not - it is a simple use-case.
@Champion_Trader yes chief, it is about perspectives here. If I kept my laptop at home open, and let’s say my child comes and sends a message to my team at Dhan - I am declaring bonus to all of them, whom should I held responsible… There are always going to be edge cases.
ps: my child does come by and plays videos on my laptop
Q1: Something proprietary to us. Can’t disclose. It’s like asking how do we processed our orders faster.
Q2: If it is partially invalidated and requires reauth - then by biometric (if you have set it) or fresh login if session is completely invalidated.
Agreed sir, but you can always give an option to the user if he wants biometric login each time the app is opened. This way the user can act on his requirement rather than depending on the perspective of anybody.
I dont think they will agree to this. Only the users feel the importance. In the interim, pls use phone’s app lock feature. There in almost all the models.
@Champion_Trader One more use case is say i am sitting with my friends and they have my phone for playing music, then he can view my investments.
I trust that person that he wont place any transaction bcz i would only give my phone to somebody whom I trust. but it doesnt mean that i would like him to see my financial status. i like to keep it discreet from anybody.
There are always going to be edge cases.