undefined | Better HN

0 pointsnebulous11y ago0 comments

Do you use a banking app? Last I read depending on the type of check used some apps can still be problematic.

0 comments

So I guess next thing we need is someone sueing the fucking banks that do that. Mine luckily doesn't because I explicitly use an old phone with LineageOS, the banking app, and nothing else on it for online banking. It's arguably way more secure than using your main phone with a bazillion other Apps installed and online at all times.

eganist1y ago

How would that stick? You can just sign into the bank via your web browser in the case of a nonfunctional app. The apps just give you added security assurances beyond using the web.

"The app can't function in a low security environment, but complainant is free to use the web client in such event." case dismissed

(obviously an oversimplification, but the point stands)

erinnh1y ago

This is definitely not the case everywhere.

Where I live the app is 100% needed because it’s the „second factor“ in the login process.

2 more replies

oarsinsync1y ago

There are app-only banks too. Some of them provide a web interface, but it depends on the app to sign you into the web interface (similar to the way whatsapp requires you to use the app to sign into whatsapp web).

What happens when you primary bank has been one of these app-only banks for the last 5 years, and you decide to make a technology change to your phone, and can now no longer get into your banking app?

realusername1y ago

When you reject GrapheneOS, the most secure mobile OS on the planet but accept a no-name chinese ROM I feel like that you can't invoke security reasons anymore.

Too1y ago

Signing transactions usually take you back to the 2FA app here, where the amount and receiver is repeated.

Even if someone hijacks my computers web browser, the worst they can do is see my statements, any attempt to transfer out will pop up a prompt in the phone.

iforgotpassword1y ago

The app is for 2fa.

didntcheck1y ago

A lot of this actually seems to have come from recent regulatory pressure for 2FA (which I support in principle, don't get me wrong). I don't even think most of them have given much thought to rooted phones, rather they're just cargo culting Industry Standard Best Practices and turning all the device verification options to max. Luckily, most of them realize they still have customers without a compliant smartphone, or one at all, and offer a fallback, which is almost always SMS...

Though you get those newer "app only" banks. I've never used any since I see that as a major downside, not a selling point, so idk whether they tolerate root. Even with traditional banks, I've come across a few features which can only be accessed via the phone app - in this case likely due to the belief that "web? Everyone just uses apps!" rather than security

udev40961y ago

It's far from secure. You are using an outdated phone, which hasn't received any kind of firmware or vendor security patches in a while. And as far as I remember, LineageOS doesn't support relocking the bootloader which further reduces the overall security of your phone

iforgotpassword1y ago

What's the attack vector? There is nothing else installed on this phone, and I only turn it on when the banking website asks me to confirm the login via their app. So it's connected to my wifi for like 5 minutes.

Meanwhile my main phone is always on the mobile network, using a proprietary modem that's running ridiculously complex firmware that does edge, lte, 5g, VoIP, has its own tcp/ip stack and a dozen other super complex protocols, is closed source, gets no security reviews and is exposed to at least my mobile provider at all times. And that's just the modem. Don't let me get started with all the value-add software the phone vendor loaded the device up with. Some of which is running with elevated privileges. You seriously think this is more secure?

jiminymcmoogley1y ago

For UK banks on my Graphened Pixel 6a I can use the apps for HSBC, First Direct, Barclays, NatWest, RBS, Co-Operative Bank and Metro Bank with no issues, and have only had trouble with the Lloyds Bank app as of an update from maybe 2-3 months ago which throws an error saying they've detected I'm using a jailbroken/rooted device

White_Wolf1y ago

I get a message that the device is not secure but I can still make transfers and such from the banking app on a rooted OP9Pro. Never tried to use NFC payments though.

doublerabbit1y ago

Try using Monzo or Sterling.

Both will nail you to the ground.

baby_souffle1y ago

> Do you use a banking app? Last I read depending on the type of check used some apps can still be problematic.

It's important to distinguish between banking app and payment app. If you just want to check your account balance or find an ATM, the banking app will probably not mind that you're on a device that can't pass integrity checks.

If you want to use your phone's NFC to pay for coffee, though, you're going to have a bad time.

didntcheck1y ago

Also many "corporate" things, usually depending on your org's policy. E.g. I can't run OpsGenie (it may actually be the Microsoft SSO step failing, I'm not entirely sure, but the error definitely mentions my device not meeting security policies)

Xfx70281y ago

I use N26, Revolut, ING, and others. No issues, I just add the apps I need to the magisk hide list. I also use NFC payments. Only Google wallet does not work.

ravenstine1y ago

Yes. Wells Fargo, Discover, Alliant CU, Venmo, Paypal, and M1 Finance all work.

zerreh501y ago

Same with McDonald's, interestingly enough

vidarh1y ago

Yeah, my bank app both did not work with rooted phones, last I checked, and they also appear to whitelist phone models or something - at one point I had an uncommon mid-range Chinese phone and I had to contact support to have them approve my phone.

j / k navigate · click thread line to collapse

0 comments

iforgotpassword1y ago

eganist1y ago

How would that stick? You can just sign into the bank via your web browser in the case of a nonfunctional app. The apps just give you added security assurances beyond using the web.

"The app can't function in a low security environment, but complainant is free to use the web client in such event." case dismissed

(obviously an oversimplification, but the point stands)

erinnh1y ago

This is definitely not the case everywhere.

Where I live the app is 100% needed because it’s the „second factor“ in the login process.

2 more replies

oarsinsync1y ago

realusername1y ago

When you reject GrapheneOS, the most secure mobile OS on the planet but accept a no-name chinese ROM I feel like that you can't invoke security reasons anymore.

Too1y ago

Signing transactions usually take you back to the 2FA app here, where the amount and receiver is repeated.

Even if someone hijacks my computers web browser, the worst they can do is see my statements, any attempt to transfer out will pop up a prompt in the phone.

iforgotpassword1y ago

The app is for 2fa.

didntcheck1y ago

udev40961y ago

iforgotpassword1y ago

jiminymcmoogley1y ago

White_Wolf1y ago

I get a message that the device is not secure but I can still make transfers and such from the banking app on a rooted OP9Pro. Never tried to use NFC payments though.

doublerabbit1y ago

Try using Monzo or Sterling.

Both will nail you to the ground.

baby_souffle1y ago

> Do you use a banking app? Last I read depending on the type of check used some apps can still be problematic.

If you want to use your phone's NFC to pay for coffee, though, you're going to have a bad time.

didntcheck1y ago

Xfx70281y ago

I use N26, Revolut, ING, and others. No issues, I just add the apps I need to the magisk hide list. I also use NFC payments. Only Google wallet does not work.

ravenstine1y ago

Yes. Wells Fargo, Discover, Alliant CU, Venmo, Paypal, and M1 Finance all work.

zerreh501y ago

Same with McDonald's, interestingly enough

vidarh1y ago

j / k navigate · click thread line to collapse