Hot new S'pore-based app Bondee refutes rumours, says it does not currently collect credit card info

Osmond Chia
The Straits Times
Jan 28, 2023

The Singapore-based parent company of viral social networking app Bondee has refuted allegations that its users’ credit card information was leaked, adding that it does not currently collect any financial details.

Accusations against the app, which blends the metaverse, online gaming and messaging, surfaced online days after Bondee launched on Jan 15 and quickly topped the charts on mobile app stores.

 

 

 

 

View this post on Instagram

 

 

 

 

 

 

 

 

 

 

 

A post shared by 김지우 (@wo.0z)

But concerns among social media users appear to have settled, with many noting that the evidence of mishandling was not clear in hindsight.

Responding to the allegations about its use of credit card details, Bondee’s parent company Metadream said on Instagram on Friday night: “Recently, it has come to our attention that there are rumours circulating on various social media platforms alleging that the credit card information of Bondee users had been leaked through their use of the Bondee platform.

“We would like to assure our users that such rumours are false and untrue, as Metadream does not currently collect users’ credit card information or any other financial information. We have also undertaken a precautionary review of our systems and wish to assure our users that our systems and our users’ personal data remain safe and secure.”

Metadream added that it will take legal action against those who spread misinformation about its services.

The Straits Times has contacted Metadream for comment.

The networking app, which has crossed a million downloads on mobile app stores, lets users personalise their own 3D avatars which they can use to interact with friends, and decorate their own virtual rooms, in the vein of simulation video game The Sims.

The app requires users to provide their name, account identification, password, mobile number and birthdate, but does not request any financial details.

Bondee’s app store page shows that in-app purchases are available in the form of B-Beans, an in-game currency. Bondee said in its privacy policy that the B-Beans can be spent on non-fungible token products on the platform, but the service does not appear to be active yet.

Several avatar outfits and accessories within the app are marked with a “limited free trial” label, suggesting that users will soon be required to pay to use them.

Checks by The Straits Times show that Metadream uses a shared office space at Duo Towers in Bugis and registered as a company in Singapore in September 2022.

Field cyber-security officer Ian Lim from cyber-security firm Palo Alto Networks said it is unlikely for an app to gain access to a user’s bank account if it has access to only the camera and media folder. In this specific case, bank accounts can be left vulnerable if users have financial information stored in images on their photo albums, he added.

Mr Lim said: “If there are unauthorised credit card or bank transactions, there should be an electronic trail from the merchant to the bank on who conducted these transactions and whether a card was even present.”

He added that users can practise good cyber hygiene by installing programs from only reputable developers and being cautious of apps that ask for permissions that are beyond the app’s functions.

Speculation about Bondee’s data policies surfaced on social media after users posted screenshots of allegedly unauthorised bank transfers, claiming that these had occurred after they installed the Bondee app.

The bank statements posted online do not indicate any links to Metadream or Bondee, while some posts expressing concerns over Bondee’s data policies were removed after Metadream’s statement was issued.

@teocyrus Did this at 3am so don't mind the mispronouncation haha Anyway do check him out @joshuaquekk for a more detailed explanation on the app secruity and how they wouldn't scam since Singapore takes it very seriously #fy #fyp #bondee #bondeescam #spreadawareness ♬ original sound - Cyrus

Student Ben Zhuang, 17, who had posted on Instagram that Bondee’s policies were fraudulent, said that with hindsight, he was unsure if the rumours about the app were true, prompting him to apologise for his earlier statement.

He said: “I just reposted what I saw online from a friend who shared the article with me.”

Another user, Ms Azrael Tan, who is in her 20s, said she was not convinced by the screenshots circulating online, adding that she intends to continue using the app for now.

Ms Tan, who works in customer service, said: “I read the privacy policy and it seemed okay to me. I didn’t give it any bank details and it doesn’t appear to collect data that’s different from the other social media apps around.”

Ms Phyllis Teo, 24, said she was worried that her Apple Wallet, which was linked to her banking cards, would be left vulnerable after she saw chatter online about Bondee’s data handling, and posted about her concerns in a TikTok video.

She said the app seems safe for now, consdering the company’s response and the fact that she was not prompted to enter any credit card information or sensitive details during the set-up.

Ms Teo said: “I plan to use it for now because it’s popular among my friends now and it feels like something new.”

@phyllisss_ Did you know that Bondee is created by a SG based company BUT SOMEONE TELL ME IF ITS A SCAM PLS #fypシ #2023 #bondee ♬ Milk Tea - Official Sound Studio

Netizens also highlighted that Bondee’s visual style had a striking resemblance to that of Chinese app Zheli, which was once owned by Chinese technology company True.ly and went viral. Zheli was removed from app stores in early 2022 after its data privacy practices came under scrutiny.

According to Metadream, the rights to True.ly were bought over by Bondee in 2022, and were used to further develop the app for an international audience.

Bondee has since been released in Singapore, Malaysia, Japan and other countries in the region.