SINGAPORE – The Singapore-based parent company of viral social networking app Bondee has refuted allegations that its users’ credit card information was leaked, adding that it does not currently collect any financial details.
Accusations against the app, which blends the metaverse, online gaming and messaging, surfaced online days after Bondee launched on Jan 15 and quickly topped the charts on mobile app stores.
But concerns among social media users appear to have settled, with many noting that the evidence of mishandling was not clear in hindsight.
Responding to the allegations about its use of credit card details, Bondee’s parent company Metadream said on Instagram on Friday night: “Recently, it has come to our attention that there are rumours circulating on various social media platforms alleging that the credit card information of Bondee users had been leaked through their use of the Bondee platform.
“We would like to assure our users that such rumours are false and untrue, as Metadream does not currently collect users’ credit card information or any other financial information. We have also undertaken a precautionary review of our systems and wish to assure our users that our systems and our users’ personal data remain safe and secure.”
Metadream added that it will take legal action against those who spread misinformation about its services.
The Straits Times has contacted Metadream for comment.
The networking app, which has crossed a million downloads on mobile app stores, lets users personalise their own 3D avatars which they can use to interact with friends, and decorate their own virtual rooms, in the vein of simulation video game The Sims.
The app requires users to provide their name, account identification, password, mobile number and birthdate, but does not request any financial details.
Several avatar outfits and accessories within the app are marked with a “limited free trial” label, suggesting that users will soon be required to pay to use them.
Checks by The Straits Times show that Metadream uses a shared office space at Duo Towers in Bugis and registered as a company in Singapore in September 2022.
Field cyber-security officer Ian Lim from cyber-security firm Palo Alto Networks said it is unlikely for an app to gain access to a user’s bank account if it has access to only the camera and media folder. In this specific case, bank accounts can be left vulnerable if users have financial information stored in images on their photo albums, he added.
Mr Lim said: “If there are unauthorised credit card or bank transactions, there should be an electronic trail from the merchant to the bank on who conducted these transactions and whether a card was even present.”
He added that users can practise good cyber hygiene by installing programs from only reputable developers and being cautious of apps that ask for permissions that are beyond the app’s functions.
Speculation about Bondee’s data policies surfaced on social media after users posted screenshots of allegedly unauthorised bank transfers, claiming that these had occurred after they installed the Bondee app.
The bank statements posted online do not indicate any links to Metadream or Bondee, while some posts expressing concerns over Bondee’s data policies were removed after Metadream’s statement was issued.
Student Ben Zhuang, 17, who had posted on Instagram that Bondee’s policies were fraudulent, said that with hindsight, he was unsure if the rumours about the app were true, prompting him to apologise for his earlier statement.
He said: “I just reposted what I saw online from a friend who shared the article with me.”
Another user, Ms Azrael Tan, who is in her 20s, said she was not convinced by the screenshots circulating online, adding that she intends to continue using the app for now.
Ms Phyllis Teo, 24, said she was worried that her Apple Wallet, which was linked to her banking cards, would be left vulnerable after she saw chatter online about Bondee’s data handling, and posted about her concerns in a TikTok video.
She said the app seems safe for now, consdering the company’s response and the fact that she was not prompted to enter any credit card information or sensitive details during the set-up.
Ms Teo said: “I plan to use it for now because it’s popular among my friends now and it feels like something new.”
Netizens also highlighted that Bondee’s visual style had a striking resemblance to that of Chinese app Zheli, which was once owned by Chinese technology company True.ly and went viral. Zheli was removed from app stores in early 2022 after its data privacy practices came under scrutiny.
According to Metadream, the rights to True.ly were bought over by Bondee in 2022, and were used to further develop the app for an international audience.
Bondee has since been released in Singapore, Malaysia, Japan and other countries in the region.