Activity - VELO Production Issue - S-MADP Customer Support & Information Center

Activity

From 24 July 2025 to 22 August 2025

Today

11:56 AM Bug #22301: [External Audit Findings][iOS] No Jailbreak Detection: Need to add the appcamo framework into the source code in next release.
Integrated AppCamo and conducted testing o... yap chekying
11:45 AM Bug #22301 (Pending PROD): [External Audit Findings][iOS] No Jailbreak Detection: yap chekying
11:51 AM Bug #22299 (Closed): [External Audit Findings][Android] Weak Root Detection: According to OCBC product owner, their shielding vendor can detect rooted devices, so no action is needed from the SL... yap chekying
11:48 AM Bug #22302 (Pending PROD): [External Audit Findings][iOS] Certificate files hardcoded inside the app: yap chekying
11:47 AM Bug #22274 (Pending PROD): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...: yap chekying
11:47 AM Bug #22275 (Pending PROD): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...: yap chekying
11:46 AM Bug #22276 (Pending PROD): [PROD][iOS][Side Menu][My Accounts] "Financial Information & Tax Reali...: yap chekying
11:46 AM Bug #22283 (Pending PROD): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic: yap chekying
11:45 AM Bug #22286 (Pending PROD): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch: yap chekying
11:45 AM Bug #22300 (Pending PROD): [External Audit Findings][Android] Certificate files hardcoded inside ...: yap chekying
11:45 AM Bug #22303 (Pending PROD): [External Audit Findings][iOS] Weak SSL Pinning: yap chekying
11:36 AM Bug #22304 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] User Enumeration through...: yap chekying
11:35 AM Bug #22305 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object R...: yap chekying
11:35 AM Bug #22306 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric ...: yap chekying
11:35 AM Bug #22317 (Pending PROD): [PROD][Android] Show "Something went wrong with OCBC Business" at Goog...: Due to the lack of specific phone model and device OS information, unable to simulate the issue and test the fix on o... yap chekying
10:35 AM Bug #22317 (Assigned): [PROD][Android] Show "Something went wrong with OCBC Business" at Google P...: 238,025
Updated encrypted method due to certain devices unable to get firebase token
238,064
31/7/2025 change ba... Hao Ter Tai
10:32 AM Bug #22325 (Pending PROD): [PROD][Android] Show Permission Required Pop Up when Share Receipt: tested ok in UAT yap chekying
10:31 AM Bug #22325 (Pending UAT ): [PROD][Android] Show Permission Required Pop Up when Share Receipt: yap chekying
10:27 AM Bug #22325 (Assigned): [PROD][Android] Show Permission Required Pop Up when Share Receipt: Hao Ter Tai
10:27 AM Bug #22325 (Resolved): [PROD][Android] Show Permission Required Pop Up when Share Receipt: 238,103
update for android 15 screenshot error
238,117
8/8/2025 Bug #22325 [PROD][Android] Show Permission Requi... Hao Ter Tai

07 August 2025

02:38 PM Bug #22325 (Pending PROD): [PROD][Android] Show Permission Required Pop Up when Share Receipt: Steps to reproduce:
1. Perform Own Account Transfer
2. After successfully perform transaction, tap on "SHARE" butto... yap chekying

06 August 2025

11:12 AM Bug #22283 (Pending UAT ): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic: yap chekying
11:11 AM Bug #22276 (Pending UAT ): [PROD][iOS][Side Menu][My Accounts] "Financial Information & Tax Reali...: yap chekying
11:08 AM Bug #22301 (Pending UAT ): [External Audit Findings][iOS] No Jailbreak Detection: yap chekying
11:07 AM Bug #22300 (Pending UAT ): [External Audit Findings][Android] Certificate files hardcoded inside ...: yap chekying
11:06 AM Bug #22302 (Pending UAT ): [External Audit Findings][iOS] Certificate files hardcoded inside the app: yap chekying
11:06 AM Bug #22303 (Pending UAT ): [External Audit Findings][iOS] Weak SSL Pinning: yap chekying
11:05 AM Bug #22304 (Pending UAT ): [External Audit Findings][MLEB, iOS, Android] User Enumeration through...: yap chekying
10:58 AM Bug #22305 (Pending UAT ): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object R...: yap chekying
10:39 AM Bug #22306 (Pending UAT ): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric ...: Released to UAT yap chekying
08:50 AM Bug #22274 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...: yap chekying

05 August 2025

04:43 PM Bug #22300: [External Audit Findings][Android] Certificate files hardcoded inside the app: 238,098
5/8/2025 Bug #22300 [External Audit Findings][Android] Certificate files hardcoded inside the app
Remove ... Hao Ter Tai
04:31 PM Bug #22274 (Assigned): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...: Hao Ter Tai
04:30 PM Bug #22274 (Resolved): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...: 238,097
5/8/2025 Bug #22274 [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer][Online Trans... Hao Ter Tai
04:10 PM Bug #22274 (Assigned): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...: Please help to change for EN and ID too. Should show "Online Transfer". yap chekying

04 August 2025

02:29 PM Bug #22306 (Resolved): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric Acti...: RC: Modification of response parameters in the API allows an attacker to alter values such as item prices, item quant... Tan Hi Ann
02:27 PM Bug #22305 (Resolved): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object Refer...: RC: The IDOR vulnerability occurs when an app exposes internal object references without access control. This allows ... Tan Hi Ann
12:12 PM Bug #22283: [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic: 238,095
4/8/2025 [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
update google-service.json for ua... Hao Ter Tai

01 August 2025

10:10 PM Bug #22306: [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric Activation: 238,077
1/8/2025 [External Audit Findings][MLEB] Bypass OTP in Biometric Activation
Issue:
Modification of respons... Hao Ter Tai
04:15 PM Bug #22300 (Resolved): [External Audit Findings][Android] Certificate files hardcoded inside the app: merged into trunk Hao Ter Tai
03:09 PM Bug #22300: [External Audit Findings][Android] Certificate files hardcoded inside the app: 238,072
1–8-2025 Bug #22300 [External Audit Findings][Android] Certificate files hardcoded inside the app
Issue:
S... Hao Ter Tai
11:33 AM Bug #22305: [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object Reference Vulner...: 238,070
1/8/2025 [External Audit Findings][MLEB] Insecure Direct Object Reference Vulnerability (IDOR)
Issue:
Th... Hao Ter Tai

31 July 2025

02:40 PM Bug #22317 (Pending PROD): [PROD][Android] Show "Something went wrong with OCBC Business" at Goog...: Please refer to attached image for details.
Please provide root cause and solution. yap chekying
10:52 AM Bug #22304: [External Audit Findings][MLEB, iOS, Android] User Enumeration through Error Messages: 238,053
31/7/2025 [External Audit Findings][MLEB] User Enumeration through Error Messages
Issue:
Error messages in... Hao Ter Tai
09:58 AM Bug #22304 (Resolved): [External Audit Findings][MLEB, iOS, Android] User Enumeration through Err...: RC: Error messages provides valid and invalid username information.
Solution: Modify error message to generic mess... Tan Hi Ann

30 July 2025

04:43 PM Bug #22300: [External Audit Findings][Android] Certificate files hardcoded inside the app: 238,044
30/7/2025 Bug #22300 [External Audit Findings][Android] Certificate files hardcoded inside the app
Issue:... Hao Ter Tai
10:35 AM Bug #22165 (Closed): [PROD][Android] Added "uat" Word in Android Name and Causing Crash When App ...: released to production on 3rd July 2025 yap chekying
10:30 AM Bug #22165 (Resolved): [PROD][Android] Added "uat" Word in Android Name and Causing Crash When Ap...: Verified tanchen yee

29 July 2025

10:24 AM Bug #22301 (Assigned): [External Audit Findings][iOS] No Jailbreak Detection: Added more rigid jailbreak detection. He Xi Yeo
10:05 AM Bug #22301 (Pending PROD): [External Audit Findings][iOS] No Jailbreak Detection: Issue:
Jailbreaking is the process of gaining administrative or privileged access to the iOS OS. Without jailbreak d... yap chekying
10:22 AM Bug #22302 (Assigned): [External Audit Findings][iOS] Certificate files hardcoded inside the app: The certificate is now encrypted and obfuscated before being included in app. He Xi Yeo
10:07 AM Bug #22302 (Pending PROD): [External Audit Findings][iOS] Certificate files hardcoded inside the app: Issue:
Same as Android – developers embed a list of trusted certificates inside the app and use it to validate serve... yap chekying
10:20 AM Bug #22303 (Assigned): [External Audit Findings][iOS] Weak SSL Pinning: Added SSL Pinning, which compare server hashed public key compared to app's hashed public key. He Xi Yeo
10:09 AM Bug #22303 (Pending PROD): [External Audit Findings][iOS] Weak SSL Pinning: Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning... yap chekying
10:12 AM Bug #22306 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric ...: Issue:
Modification of response parameters in the API allows an attacker to alter values such as item prices, item q... yap chekying
10:11 AM Bug #22305 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object R...: Issue:
The IDOR vulnerability occurs when an app exposes internal object references without access control. This all... yap chekying
10:10 AM Bug #22304 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] User Enumeration through...: Issue:
Error messages in an application can provide valid and invalid username information.
This information can po... yap chekying
10:04 AM Bug #22300 (Pending PROD): [External Audit Findings][Android] Certificate files hardcoded inside ...: Issue:
SSL Pinning is a security mechanism used to prevent man-in-the-middle attacks by validating the certificate ... yap chekying
10:02 AM Bug #22299 (Closed): [External Audit Findings][Android] Weak Root Detection: Issue:
Rooting is the process of gaining administrative or privileged access to the Android OS. Without root detecti... yap chekying
09:55 AM Bug #22286 (Pending UAT ): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch: Tested OK in SIT yap chekying
09:54 AM Bug #22275 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...: yap chekying
09:53 AM Bug #22275: [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer][Online Tr...: Tested ok in SIT yap chekying
09:52 AM Bug #22274 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...: Show "Online Transfer" yap chekying

28 July 2025

04:31 PM Bug #22282 (Monitoring): [PROD][BE][Fund Transfer][Transaction Summary] Duplicate Records Show on...: Unable to reproduce it in UAT. Based on log review, only one record was passed from MLEB to BE. yap chekying
04:28 PM Change Request #22160 (Closed): [CR][Android] Chinese Translation: Released to production on 3rd July 2025 yap chekying
04:28 PM Change Request #22161 (Closed): [CR][iOS] Chinese Translation: Released to production on 3rd July 2025 yap chekying
04:27 PM Bug #22280 (Closed): [PROD][BE] Hit MCB999 Error and Required Reactivate Biometric & SW Token: Released to production on 14th July 2025 yap chekying
04:26 PM Bug #22241 (Closed): [UAT][BE][Unbind Device] Hit Error When Unbind Device: Released to production on 14th July 2025 yap chekying
04:25 PM Bug #22240 (Closed): [UAT][Android][ATM & Branch] Show Error When Tap on ATM & Branch Menu: same as redmine #22286 yap chekying

25 July 2025

03:31 PM Bug #22101 (Closed): [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields is ...: yap chekying
12:05 PM Bug #22101: [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields is Empty: BAU only set to system default.
solution
during calling getsTransactionFundTransferStep1 grap value and store it ... sengloong.khoo sengloong.khoo
03:31 PM Bug #22106 (Closed): [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms...: yap chekying
02:56 PM Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...: Root Cause:
The application crash occurred during the Telegraphic Transfer (TT) flow in the Business-As-Usual (BAU... sengloong.khoo sengloong.khoo
02:49 PM Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...: the root cause provided is unclear, and the solution is missing. yap chekying
12:15 PM Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...: Refer 22101 as due to changing calling getsTransactionFundTransferStep1 FE require to call additional transactionBene... sengloong.khoo sengloong.khoo

24 July 2025

05:11 PM Bug #22064 (Closed): [PROD][Android] Show Popup "This app needs retrieve IMEI" When Open App: yap chekying
04:42 PM Bug #22064 (Assigned): [PROD][Android] Show Popup "This app needs retrieve IMEI" When Open App: please provide root cause and solution. yap chekying
04:42 PM Bug #22101 (Assigned): [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields i...: please provide root cause and solution yap chekying
04:40 PM Bug #22106 (Assigned): [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Ter...: please help to provide root cause and solution yap chekying
11:22 AM Bug #22286 (Assigned): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch: Hao Ter Tai
11:18 AM Bug #22286 (Resolved): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch: 237999
24-7-2025 Bug #22286 [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
Actual Result:
Show err... Hao Ter Tai

Also available in: Atom