Apps like ICICI i-mobile, paytm madatorily want to read SMS permission, even after initial/first login.

Cred and Magicpin also try very hard to read your SMS with dark patterns. They use tactics like: don't show the skip/close button at all, use very small font size for skip button or keep asking for permission hoping that user will mistakenly accept it.

yeah, I saw the same why they need SMS texts after initial validation!
CanaraA1

So from a software developer point of view-

An app asks for sms permission in case it needs access to sms service. (banking apps sends out sms to verify your number)

There are 2 ways to ask for permission.

1. At app startup check if all permissions needed for app to run are there (quick and easy implementation)

2. Dynamically ask for permission when app needs to access that specific service (more complicated implementation)

It's not always about selling your sms its sometimes just how the code is implemented and most of the time no one is willing to spend extra hours into something that does not benefits them directly.

I stopped using banking apps when my bank started asking for such intrusive permissions (maybe something like two years ago).

Netbanking on the web browser has been more than sufficient for all banking needs since then. I never felt a need for these banking apps on the phone.

Has anybody else stopped using banking apps on the phone because of such creepy privacy intrusions to harvest client data?

The best they can do now is scrape my browser cookies.

There are ways to counter this in rooted devices. Since ages.

Get an iPhone 😎

Paytm is trash, so they harvest and sell data, that's a fact.

But all fintech apps need phone & sms permission because that's needed for UPI. It's in the guidelines but NPCI or RBI or something.

Canara bank a1 app goes even a step further and doesn't even open if media and files isn't granted on top of sms and phone and location