Now, we're locking people out of society for having the audacity of wanting to decide what gets run and not run on their computers?
Kinda weird, if you think about it. But that seems to be the way it's heading.
No, the much more secure while at the same time liberty-preserving way to do this is heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Like the ones practically every bank customer already has in their wallet, and for which most phones have a built-in reader these days... The only thing missing is a secure input and output channel, like a small built-in display and a button or biometric input.
In any case, I somewhat empathize with banks in that they want to ensure that my transaction confirmation device is not compromised, but getting to dictate what software does and doesn't run on my own hardware outside of maybe a narrow sandbox needed to do that is a no-go.
Much like I expect my employer to provide me hardware, and that hardware is used exclusively for work.
I shouldn't have to spend my own money on another device, nor should they be asserting their desires for control onto my own devices.
Maybe in US. In Vietnam, $300 is the average monthly salary, and the minimum wage is around $150. Probably the majority of people don't have a primary phone worth more than $300.
A country that is a dictatorship - I can understand why their slaves have to go through this. I fail to see why a true democracy would do this though. There is zero need to be required to have a smartphone; all those transactions work perfectly fine on a desktop computer system too, under Linux. People then may have a second device at home, some card reader and/or a thing such as a YubiKey or something like that. IMO not even this should be required, but to mandate an app that would not be permissive under Linux - that is true dictatorship. I am surprised the government of Vietnam went that way.
Just "a phone" with a bad update policy is $100.
No need for the scare quotes. Forcefully removing people's agency over themselves is pretty much the definition of evil. We do not hurt criminals as punishment anymore, in the civilized age, but we still lock them up.
Now, of course we should not equate physical prisons and digital prisons in any other way, but we should absolutely call both forms of imprisonment evil, plain and simple.
Singapore is quite civilized, and they conduct caning strokes.
Now that physical media is all but gone, computer manufacturers (both personal computers and phones) found it behooved them to essentially control the market with regards to what can get installed on your computer. Oh, and conveniently, they charge a fee for developers to use this "service," and take a percentage of what the developer earns by selling software on their "service." And somehow in the late 2000s early 2010s, it just became normalized, and somehow the term for being able to install software on a device you supposedly own became a scary term, "jailbreak."
Granted, jailbreaking was often used for piracy, but the fact that there needed to be a process at all confounds me.
My mom has an iPhone and she manages to install a bunch of weird things on her phone, like anti-virus software that almost certainly doesn't scan for viruses, but is all too happy to take your money to make your phone more secure. These are things that the App Store "service" should have guarded against if they were indeed doing their jobs and protecting consumers from bad software.
And, I wouldn't be surprised if she'd be locked out of her banking app eventually because [insert entity here] deems her phone too old to update her banking app. She's "following the rules" and still getting screwed over.
Through the 00s, Apple practically built their reputation on being "virus-free" which really just meant they locked out the user from being able to do anything too extreme.
The real irony here is the use of free software to tear down everything the free software movement stood for.
I do not know whether Vietnam has any pretence of digital sovereignty, but many countries that do are doing things like this to actively move away from it.
I really hope we can convince enough people to care about general computing.
Cory Doctorow lays it all out in his speech about the Post-American Internet: https://pluralistic.net/2026/01/01/39c3/#the-new-coalition
In fact this is what led me to unlocking the bootloader, swapping the OS and rooting my phone. The infuriating situation where if you set up a so-called "corporate owner" (or MDM) during the first login you can add your own certificates, but if you don't... Basically the "corporate owner" of your phone is Google.
Yes, literally, you do not own it.
Also it is worth noting certain countries where "rooting/bootloader unlocking is illegal" - namely China - and the horrible stupidity of people claiming EU GDPR prevents manufacturers from offering simple bootloader unlocks for their phones.
We absolutely need to vote with our wallets. I bought a Samsung before and a Xiaomi recently only because both allow relatively simple unlock (ok, the Xiaomi requires you to wait to press "request unlock" exactly at midnight Beijing time, and it only works for non-Chinese phones, but it still unlocks fine).
App sandboxing and system file integrity is one of the most beneficial security features of modern computing, and the vast majority of people have no desire to turn it off. You can buy rootable phones. People overwhelmingly choose iPhones instead.
Even if Apple sold the SRD at scale, nobody would buy the weird insecure hacker iPhone except us and maybe kids who realllly want Fortnite.
There was never going to be anything preventing non-technical folks from buying iPhones. They can and should have what they like.
Why should there be a law that forces that same compromise onto anyone who can only afford a single device and needs to use it to access their bank?
You can have sandboxing and system integrity while still giving the user overrides. But hey this is not Google and Apple's business model because it makes you less dependent on them. And it interferes with their sweet 30% rent-seeking app stores.
Mobile security works this way not because it's best for us but because it's best for making them money.
> You can buy rootable phones.
Eh yeah but the problem is of course being locked out of apps if you actually root it.
I don't want Google or Apple to decide what I can do with my phone. Or the government, like in this case. This also opens the door for evil spyware like Chat Control in Europe. Even today they are trying to enforce a backdoor into WhatsApp to block "harmful content", which is of course impossible without breaking or circumventing the E2E on-device.
> People overwhelmingly choose iPhones instead.
Maybe in America, not here in Spain. I guess not in Vietnam either.
Further, the people promulgating this sort of solution know this. The evil is that they are wittingly using a problem as the excuse and the cover to get something else they want which they would otherwise never get and have no right to.
For everyone who is doing this knowingly, there are countless other sincere but unwitting tools haplessly just buying the line sold to them. So you might be able to say you are not evil for supporting this kind of policy, but all that means is that you are either a witting or unwitting tool of the evil policy.
"Rapes happen behind closed doors, therefore we have to remove all doors. No one denies that rape happens and that it's a bad thing. And it's irrefutable that without doors that close, no one would be able to get away with a rape. And so, the only grown-up thing to do is agree to give up doors that close. It's not an evil at all."
For the masses, lack of system-level access is a benefit because they won't be able to ruin their device. For hackers and hobbyists, lack of system-level access is a hindrance because they won't be able to control their device.
The irrefutable part here is that the security model works. Locking down the bootloader and enforcing TEE signatures does stop malware. But it also kills user agency. We are moving to a model where the user is considered the adversary on their own hardware. The genius of the modders in that XDA thread is undeniable, but they are fighting a war against the fundamental architecture of modern trust and the architecture is winning.
1) An unmodified iPhone SE (2022 model) with OS support until 2032. This runs all my authentication, banking, health, etc. It is in airplane mode 99% of the time unless I need it.
2) The second is a Pixel 9a with Graphene OS for daily use, routing and internet access.
This is expensive, but I found it to be the only viable solution to this problem. If I could get away with carrying a tiny device again instead of lugging around a brick I would, but the world has made it as inconvenient as possible not to.
A BlackBerry from 15 years ago weighed just over 100g and did 80% of what your modern-day pocket computer can.
What makes you think it'll be supported for a decade? Looking at the past models, the support period is around 5-7 years. If you count security updates that might get you to 10 years, but at the 7-9 year mark apps will eventually refuse to update because you're not on the latest iOS.
The iPhone SE would be the one I use for calls, SMS, etc. It has the SIM card.
The Pixel 9a would be used for everything I don't need a data plan/SIM card (browsing etc).
My needs are a bit different from yours. I like to separate telephony and communication (i.e. WhatsApp, SMS) from everything else. This way, if I want quiet, I just turn that phone to airplane mode. I really don't want to get random pings while I'm doing "real" stuff on my phone.
If they stopped, I think I would seriously consider swapping banks and whatever else instead of using a different OS.
https://privsec.dev/posts/android/banking-applications-compa...
Every time I have to use a stock phone I'm appalled at the ads and I have absolutely no trust in any US or Chinese manufacturer. So I use them only for banking and digital ID because that's presumably not what they actually care about.
It's not that expensive, I think many people have an old Android phone lying around, it doesn't have to be up to date.
I run a Proxmox server on my home LAN with all the services and storage I want, including a WireGuard server. My Android phone can then connect to my home LAN services from anywhere in the world (my ISP provides static public IP addresses).
My Android device is then a simple terminal to all my "stuff". It can be locked down as much as they want it to be, as long as it can run WireGuard. I have no use for a rooted phone. In fact I want it to be as hardened as possible in case of theft.
Most of my banking apps work fine on GrapheneOS, but I've adopted this because I'm confident they'll eventually break. And access to Apple Pay is nice.
Carrying two phones is annoying, but, agency over my main computing device is worth the price.
- I bought the iPhone SE 2022 second-hand for 150 EUR. I think this is a fair price, but it's still expensive given that I leave it lying around 99% of the time, which I still feel is a waste of resources, regardless of my motivation.
- My main reason for having two phones is pretty simple. I think browsing and daily internet use just don't go together anymore with authentication, banking and health. I also didn't want to carry a critical key to my digital infrastructure around with me every day, especially in bars (etc.). Having a separate phone helps me to treat different aspects of my life differently. No worries, I don't have to carry two phones with me all the time.
- Yes, I do other things to generally reduce my digital footprint: I use different browsers for different things, such as admin work and social media (in those rare cases where I still use it). I also self-host behind VPN and have moved many apps to my internal stack, which gives me better control over what communicates with what. For example, I use WhatsApp Bridge so I don't have to use the app directly on phones anymore. I self-host Invidious with privacy-redirect for Fennec for YouTube, etc. Over time, all of this has slowly helped me regain my freedom, and it actually feels liberating.
- My path may not be your path.
Then you choose the flagship device you're going to use 99% of the time on the basis of how easily you can unlock the bootloader/root.
Is it really? £150 on backmarket for a phone which will last 10 years doesn't feel expensive.
Makes sense to me to run any banking on a secure device anyway.
Cheers, maybe by 2027 unattested devices won't be allowed on the internet. It's not a solution. The problem didn't exist a few years ago, the idea that it will not continue to its inevitable conclusion within a few years without real solutions is laughable.
Wait until Graphene is classified as a hacking tool and Estonia convinces the EU to fine a million Euros a day any company providing services to host its website. Wait until, "in the spirit of reconciliation," the US goes along with it, too.
Wait until unattested desktops aren't allowed on the internet.
the only way to disable any transmissions is to turn off the device
Need? Unless and/or until the ability to log in and do your banking, healthcare, etc. via desktop/laptop goes away, then you don't need a phone to do any of that. Yes, 2FA may be required but in the tangential experience of myself, my partner and my two closest friends, we have multiple 2FA options available to us for our banking/healthcare apps that don't require a smartphone.
I see this point all the time - "You can't bank or do important life stuff without a phone!!!" and it's just, largely, bullshit. I don't do any "important life stuff" on my phone.
Beyond that, even if you had to have a phone to perform those tasks, I'd strongly argue that if you feel you need a second phone, then, and I know this will come off as reductive and unproductive, I think the idea of spending less time on your phone and on the internet, and more time "touching more grass" and interacting with the community and world immediately around you, might apply.
The Coming War on General Purpose Computation
https://boingboing.net/2011/12/27/the-coming-war-on-general-...
Unrelated to phones, a lot of (more professional) malware has moved to not persist itself in root space (or at all) so as to not leave traces (instead it will just rely on being able to regain root access as needed every time you reboot, with all the juicy parts being in memory only (as in, how often do you even reboot your phone?)).
I think (but am not fully sure) this also applies to phone malware.
I.e. no it doesn't work.
Not unless you
- ban usage of all old phone (which don't get security updates)
- ban usage of all cheap phones/phones with non reliable vendors
- have CHERI-like protections in all phones and in general somehow magically have no reliable root privilege escalations anymore
Oh and advanced toolkits sometimes skip the root level persistence and directly go into firmware parts of all kinds.
Furthermore proper 2FA is what is supposed to make online banking secure, not make pretend 2FA where both factors are on the same device (your phone).
And even without proper 2FA, it is fully sufficient to e.g. classify rooted phones as higher risk and limit how much money can be transmitted/handled with it (the limit should ignore ongoing long-term automated repeated transactions, like rent).
There really is no reason to ban it.
I stopped using banking apps on my phones a few years ago - they got more and more annoying, and I don't buy into the "the device is secure and should be used as a trust token". So I'm now back to banking only on my computer, with a hardware token for TAN generation.
Outdated but signed ROM with tons of unfixed CVEs will be still considered totally fine.
Latest LineageOS or GrapheneOS will be rejected.
That has been the model since day one, since you are using spectrum that, because the end users are not licensed, requires it. Radios in 100% of commercially available phones are locked to prevent user tampering.
You don't get root on your debit card either, despite it running a computer.
Why, then, can users be root on PCs that have wifi cards, SDRs or cellular radios?
Doesn't stop state approved malware in all its forms.
This is lazy control.
Not that it excuses the withdrawal of user agency. But I've never used a banking app on my phone before. Anything important I still like to do on a desktop.
Though how much longer that's safe, who knows. Apple's model of requiring their permission to run code on your own device will probably spread to everything given enough time.
I guess you could take your laptop out at the restaurant and in the taxi to pay. It seems a little strange. You might better just use a browser on the smartphone instead of the mobile app.
A lot of banks require using their banking app to get a 2FA token to log-in on a desktop web browser.
Here in Europe, good luck using any form of online payment without one due to 2FA requirements.
I have no idea about the kind of malware you're talking about.
I think we’ve been there at least since the first iPhone, and it’s now entirely normalized for the average user.
The only solution is to force some semblance of user agency on those models, such that the vendor isn’t imposing from above.
This totally beats the purpose of owning or using tech. Might as well go off grid and live a non-tech life.
Big tech wants to colonize our hardware completely because data centers alone ain't cutting it.
1$ Trillion has to be paid back to the investors plus interests. They screwed up with AI and we have to pay for it. Or maybe they didn't screw up because big money always gets bailed out by the plebs.
> The irrefutable part here is that the security model works.
Yes! And that business model should be allowed.
This leads me to worry the notion of "user agency" may be misplaced, meaning, aimed at the wrong level of the stack. It would seem both open (general compute ethos) and secure devices (appliance ethos) have a right to be in the market. So…
### Perhaps user agency should be at the experience level. ###
We couldn't plug Sega Genesis cartridges into Nintendo 64. We understand this about consoles. If we remap mobile devices into consoles, it seems less obvious their internals should be opened and tinkered with by end users.
User agency seems more at the level of picking a console family, and it's often for the whole brand aura including both the console itself and safeness-to-permissiveness dial by which the brand curates its the cartridges (spectrum from Nintendo to Apple to Sony to Microsoft and Steam). A free market for mobile devices or desktops would likely sort out a similar spectrum of just-works to fidget-able. If you choose the Nintendo 64, you wouldn't expect to run arbitrary software on it as you would expect on Dell.
We hackers are capable of figuring out how to make Nintendo 64 software; our neighbor does not need or want those affordances, they want just works, no headaches. This idea that the user must be able to open their digital watch or toaster oven and change how it is wired glosses what users actually choose: the conveniently toasted meal.
At the same time, business models around the curation and appliancification of digital tools, blurring the lines from hardware through solid state through firmware to software into a single product users can choose, must be defended.
If I want to dev for a secure product, I similarly must be OK opting into the supply chain security model (with Apple, registering as a dev in order to exchange cert material and bypass consumer paths to loading software I'm making for the platform) that allows that product to be secure, and opted into by users with money to buy my app, that caused me to want to develop for it in the first place.
Users must have a right to buy an appliance that isn't fiddle-able. Not mandated to, as this article sounds, but allowed to as the EU is trying to deny. Such products have a right to exist, and such business models have a right to exist.
And then, user agency remains as simple as using dollars to buy a product offered through a biz model that matches the user's goals, rather than regulating to disable business offerings/products that don't, and developer agency is to pour energy into the platform that aligns with one's ethos.
If more money is to be made on a platform with a different ethos, perhaps it's worth reflection rather than rants.
This has always struck me as a matter of checkbox compliance rather than a commonly-exploited attack vector, though I'll grant that's partially because few people actually use such devices.
The big fraud vector is running emulators in datacenters or skipping running the app entirely and talking directly to endpoints. Requiring that an entity making a request is from a real phone and is from (approximately) your app adds friction and is effective at reducing fraud.
A significant amount of fraud comes from scammers convincing victims to install malicious apps. They fake being a customer service provider.
Banks don't want their customers to lose their money and they don't have the tools to protect them from themselves. For all the privacy reasons, app stores don't even give banks enough tools to identify and block this fraud.
When finding help on how to do this, people were saying it's useless cause they can proxy/VPN anyway, but obviously that has some cost to them because they weren't doing that. So seeing how I had no legitimate traffic from there, it was an easy choice and cut out like 99% of abuse.
I’ve also had other banks do the same. They provided me with a debit card that supports international transactions but they did not allow logging in from most Asian countries. So I would log in from Asia, be blocked, turn on my VPN and log in from the U.S. to check the balance on my card.
> I’ve also had other banks do the same. They provided me with a debit card that supports international transactions but they did not allow logging in from most Asian countries. So I would log in from Asia, be blocked, turn on my VPN and log in from the U.S. to check the balance on my card.
Yeah it was kind of complicated. We blocked high fraud countries to just get rid of this low level fraud and port scanning. But if someone was actually a customer, then that was fine, it was just assumed they would know how to use a VPN and they're going to get everything verified. There's also some KYC rules that I am not too familiar with that it just became considered okay at that point.
Separately, I couldn't even log onto their system this week from my desktop browser because of some bug. (Accessing from the US). It didn't recognize my username or password, let me change my password, then said it didn't recognize the new password.
Of course they slathered the app with tracking, 'security', and analytics SDKs, so rooted devices are rejected. I had no way to log into this bank account after they made that change, which is simply wonderful.
Anyways, they're not yet at the point where they've learned to do the checks server-side. For now it's a one line patch to skip the root screen. But the Play Integrity API is designed correctly, if they learn to use it, there will be no workaround without someone finding a hardware vulnerability somewhere.
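An added example, not from the thread, of what "doing the checks server-side" looks like, combined with the risk-tiered limits suggested further up in the thread instead of a blanket refusal: the server issues a nonce, receives the decrypted Play Integrity verdict, checks nonce binding, package name, freshness and app recognition, and maps the device verdict to a per-transaction limit. The field names follow the documented decrypted-token layout as I know it and are an assumption; the limits and sample verdict are constructed, and obtaining/decrypting the token is outside the block.

```python
"""Server-side Play Integrity verdict handling with risk tiers (added example)."""
import secrets
import time

# Constructed policy: device tier -> maximum amount per transaction.
LIMITS = {"strong": 10_000, "device": 2_000, "basic": 500, "none": 0}

# Nonces the server has issued and not yet seen in a verdict (in-memory demo store).
_pending_nonces: dict = {}


def issue_nonce() -> str:
    """Generate a one-time nonce the client must embed in its integrity request."""
    nonce = secrets.token_urlsafe(24)
    _pending_nonces[nonce] = time.time()
    return nonce


def device_tier(verdict: dict, expected_package: str, now_ms: int,
                max_age_ms: int = 5 * 60 * 1000) -> str:
    """Classify a decrypted verdict; 'none' means treat the device as unattested.

    All checks run on the server, so a client-side patch that skips a root
    screen does not change the outcome.
    """
    req = verdict.get("requestDetails", {})
    nonce = req.get("nonce")
    # 1. The nonce must be one we issued and not yet consumed (blocks replay).
    if nonce not in _pending_nonces:
        return "none"
    del _pending_nonces[nonce]
    # 2. The verdict must be bound to our own package name.
    if req.get("requestPackageName") != expected_package:
        return "none"
    # 3. Freshness: reject stale or future-dated verdicts.
    try:
        ts = int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        return "none"
    if ts > now_ms or now_ms - ts > max_age_ms:
        return "none"
    # 4. Only a Play-recognised build of the app counts (assumed policy).
    app = verdict.get("appIntegrity", {}).get("appRecognitionVerdict")
    if app != "PLAY_RECOGNIZED":
        return "none"
    # 5. Map the device verdict labels to a tier, strongest first.
    labels = set(verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", []))
    if "MEETS_STRONG_INTEGRITY" in labels:
        return "strong"
    if "MEETS_DEVICE_INTEGRITY" in labels:
        return "device"
    if "MEETS_BASIC_INTEGRITY" in labels:
        return "basic"
    return "none"


def transaction_allowed(verdict: dict, expected_package: str, amount: int,
                        now_ms: int, standing_order: bool = False) -> bool:
    """Apply the tiered limit; previously set-up standing orders are exempt."""
    if standing_order:
        return True
    tier = device_tier(verdict, expected_package, now_ms)
    return amount <= LIMITS[tier]


def sample_verdict(nonce: str, package: str, ts_ms: int, labels: list) -> dict:
    """Constructed verdict shaped like a decrypted Play Integrity token."""
    return {
        "requestDetails": {"requestPackageName": package, "nonce": nonce,
                           "timestampMillis": ts_ms},
        "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED",
                         "packageName": package},
        "deviceIntegrity": {"deviceRecognitionVerdict": labels},
    }


if __name__ == "__main__":
    now = int(time.time() * 1000)
    n = issue_nonce()
    v = sample_verdict(n, "com.example.bank", now - 1_000,
                       ["MEETS_DEVICE_INTEGRITY", "MEETS_BASIC_INTEGRITY"])
    print(device_tier(v, "com.example.bank", now))          # device
    print(device_tier(v, "com.example.bank", now))          # none (replayed nonce)
```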
Some of that liability is fair but most of it is the government telling the banks to account for the loss when someone is scammed. They are obviously going to mitigate that as much as they can.
This is why LineageOS is actually dead in the water, even though they're "in talks with hardware vendors". It doesn't matter when people can't use the apps and services they need.
I chose my current bank because it was one of the few that had proper token based access for 3rd party integration. An overwhelming majority of banks were relying on a 3rd party holding your actual username/password and saying "trust me bro". I wasn't comfortable with that.
In the future, everything will need an 'app'.
I've heard 3rd hand of some banks already doing this in i.e. Armenia where a foreigner can come in and open account easily but they block any online access to lock the control of funds in country to make it harder for the FATF psychopaths to find fodder to clamp down on them.
I believe that previously internet banking, even before mobile banking, will limit the number of transfer recipients you can add per day/month. With the rise of QR payment I could see this limit being regularly hit if you scrape the web-based banking.
Since the Bank of Thailand claims that they technically don't block many things (mobile banking technical requirements seem to also require blocking root, but they never banned internet banking), I wish there were a new bank that tried to disrupt the existing players. But the latest "branchless" banking licenses were only acquired by existing banking groups, so API-first personal banking remains impossible.
The banks that allow you to do everything on their website trend towards legacy and US-centric.
On the other hand, the phone does not require you to verify with your PC, so there's no second factor unless there is some inaccessible secure island within the phone itself.
Funny enough, you can probably use that website directly on the phone that you use as 2F, which probably circumvents the 2F idea (at least as long as you use SMS 2F instead of an app that checks for root).
From there you can keylog, hijack input listeners, basically do anything you want.
While they (mostly) have websites, a computer with root access is not sufficient by itself to access them. You also need to perform 2FA via push notification to a proprietary app on an Apple or Google approved device.
The Vietnamese government has reported a rise in account takeovers and other banking thefts [2]. SIM-swapping has been a tactic used. Adding difficulty for fraudsters to trick unsophisticated banking customers is a valid security layer.
1. https://vietnamnet.vn/en/biometric-deadline-nears-millions-o...
2. https://evrimagaci.org/gpt/vietnam-faces-surge-in-sophistica... (expands upon https://vneconomy-vn/techconnect/mobile-banking-phat-trien-manh-tai-viet-nam.htm)
You fight SIM-swapping by outlawing the moronic practice of using SMS for anything security sensitive. Not by blocking user modified OSes.
[0] - https://vneid.gov.vn/
[1] - https://tuoitre.vn/thieu-tuong-nguyen-ngoc-cuong-nang-cap-vn...
Surely most people running a rooted phone are tech enthusiasts. Cybercriminals will just use regular phones bought under false names and dispose of them afterwards.
Viet Nam is in the process of rolling out mandatory biometric identification and verification as part of the VNeID project [0], and mobile operators are in the process of rolling out identity stamping of mobile devices using VNeID [1].
Viet Nam is also an authoritarian state whose current leader (To Lam) spent his entire career in Viet Nam's KGB (MPS/BCA). Unlike Westerners, Vietnamese know the red lines - this is why I and my SO (much to her chagrin due to my insistence) never travel back to VN with my personal accounts or devices, and why we keep some friends of friends on speed dial.
[0] - https://vneid.gov.vn/
[1] - https://vtv.vn/nha-mang-ho-tro-kich-hoat-sim-truc-tuyen-bang...
Vietnamese government will not arrest a tourist foreigner for talking bad about the party or about Ho Chi Minh, it would decimate their tourist bottom line. If you don't deal with drugs or actively don't organise against the party, you will be fine.
There is a growing surveillance (which you cited well) but mostly for locals.
edit: oh I misread, you are Viet Kieu, not a western tourist. OK yeah that makes some sense.
and that's enormous power for those who want to centralize power into their hands.
2. Vietnam has been in the process of rolling out national biometric identification for years now as part of the VNeID [0] project, and unifying that with banking and mobile phone identification is an important part of that such as with the recent FPT Telecom announcement [1]. The aim is to turn VNeID into a super-app by 2030 [2], and from what I've seen in rural areas of the Central Highlands, it's on track.
[0] - https://vneid.gov.vn/
[1] - https://tuoitre.vn/vneid-mo-rong-dich-vu-so-dang-ky-internet...
[2] - https://tuoitre.vn/thieu-tuong-nguyen-ngoc-cuong-nang-cap-vn...
> if someone is technical enough to root his phone he understands the risks
You're looking at this from the user's perspective. Indeed, the narrative is "for your safety, you cannot export your security tokens from your device's storage" or "software that runs as root can bypass all permissions, an attacker might exploit that!", as though users can't make that choice themselves on purchased-to-own hardware. Dropping privileges (https://en.wikipedia.org/wiki/Privilege_separation) has been a thing since as long as I'm alive. Don't be fooled that this "protection" is for you :(
My guess is:
1. Person with rooted phone uses a bank app, is hacked, has their money stolen.
2. Guess where the person turns to for help? The government.
I wonder if this has become a feasible avenue for scammers to interfere via other apps they could convince someone to install on rooted phones. Or if they are worried about skilled people being able to debug/MITM and find vulnerabilities on the banks.
Though from that statement alone, sounds more of a measure to protect banks than customers.
But you do understand. If someone is technical enough to root their phone, then he is the risk.
[cough]Monero[cough]
banking is very risk averse area. and it is good precaution.
Kinda like the Wall Street concepts of "Accredited" and "Sophisticated" investors - who could never possibly fall for a Ponzi scammer like https://en.wikipedia.org/wiki/Bernie_Madoff ?
Not to say I'm a fan of Vietnam, or familiar with their ban - but when people are having their money stolen at scale, there's a very strong tendency to blame the gov't and/or financial system. And it's extremely rare for stolen-at-scale funds to not be "reinvested" in further criminal activities - which again, the gov't is expected to deal with.
That is a terrible assumption. I had a rooted phone when I was 12 to pirate games. Friends asked me to root theirs. Rooting isn't hard and lots of people do it (in absolute, not relative, terms).
And the idea that so-called “technical” people know what they’re doing and are hack-proof is hot garbage machismo BS. Modern attacks use social engineering and extremely technical people fall for it all the time. There were several stories on here just this week.
Whereas previously the app displays a 'whitelisted' set of UI options to the user, the rooted user could use employee only methods. Somewhere or other every bank has methods that set balances on accounts.
To be honest a law like this makes security by the extremely modest obscurity of not having an "increase your balance" button on the app UI much more tempting.
1. Incompetence. The same reason why many banks all around the world do this without regulations. Some snake oil salesman sold them a security theater SDK or library that blocks user installed or modified OSes.
2. Government control and surveillance. Vietnam is authoritarian. It only makes sense for them to participate in the global war against general purpose computing to gain complete control over their citizens' devices allowing them to restrict software, displayed content and communication to require government approval and enable total surveillance of all activity without any way to bypass this. Instead of outlawing user controlled general purpose computing directly they do it through the backdoor of pretending that it is for people's own safety.
I'm not against having a separate secure phone to use with banking apps, but that phone must be designed for security, not for Google's ad driven business model..
All public keyboxes are banned and Google regularly bans new ones. That endpoint contains the list of revoked keyboxes: https://android.googleapis.com/attestation/status
But you are providing an alibi for malicious users who, for example, might try to brute force logins from unidentified devices.
That would be one reason aside from the law. You are essentially positioning yourself on the same side as intruders.
You realize in Viet Nam this means getting a "friendly" visit by the MPS/BCA, and if you continue eventually getting branded as a troublemaker.
The Vietnam government has banned phones under their user's control from using any banking app.
To give a specific example, suppose a banking app wants to require location services in order to try to login. Some users can bypass or spoof this (in fact that's what the thread is about entirely, and for that they root the phones).
Not all users who root the phones violate ToS, but it's a majority, or even a possibility, so they choose to disallow such usage.
Pretty sensible stuff to me.
It's not just root that they block.
It's ridiculous.
On one hand, people that jump through the crazy hoops phone manufacturers put up to get root are either technically-proficient or willing to become so and are, usually, responsible enough to keep their devices locked down and secure.
On the other hand, banks are subjected to literally all of the regulations, and breaking any of them usually incurs unbelievable fines. Given that phones are the default computing device for most people these days and how (relatively) easily secrets can be extracted from rooted devices, blanket-banning them makes a lot of sense.
Nonetheless, modern Android is just as locked down as modern iOS, with a few exceptions (like adb access) and without the awesome hardware and software optimizations for that hardware that make video recording fast and web browsing even faster. Between this and nobody having a real answer to Apple Watch, I'll be an iOS stan for the foreseeable future.
That's the reason I mostly use online banking on the web, not on a device.
If it ever comes to that in my country I can also use my previous, unrooted backup phone to host these apps and keep it at home.
I'm not at all thrilled by the idea of carrying your credentials to your bank account on your phone, accessible via a 4-digit PIN out there in the world in the first place. For some reason, banks think it's great.
Rooted devices aren't the problem, Python scripts pretending to be rooted devices are. There's just no way to distinguish between the two. The only way to disallow automated Python scripts from logging into your grandma's bank account is to also disallow you from logging into yours if your phone isn't blessed by Google.
I am probably missing something obvious (some sort of TPM key attestation) but it feels like it would be an impossible task. I mean, theoretically higher layers can check that lower layers have the correct signed checksums, but they need to use the lower layer to do it and the lower layer could just lie to them. (if isSystemFile(f_name) then return originalFile(f_name); or provide a virtual TPM).
The bank's app can then ask the OS to sign documents using the TPM's secret keys, and the OS forwards such requests to the TPM. The TPM refuses such requests from a modified OS but obliges requests from an unmodified OS. The bank's servers refuse to accept documents not signed by the TPM.
Root can't pretend to be a TPM and make up some secret keys to sign documents with because the TPM's signature is itself signed by Google, so the bank can tell the difference between root's signature and a treacherous signature.
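The attestation scheme sketched in the two replies above (and the earlier point that a script pretending to be a phone is indistinguishable from a rooted phone without it), as an added example in Go. This is not code from the thread or from any vendor's attestation implementation: the vendor root, the per-device attestation key, the claim layout, the serial-number revocation set and all sample values are constructed for the example, and real formats such as Android key attestation differ in detail.

```go
package main

// Constructed model of hardware key attestation (added example, not the
// thread's or any vendor's code). The OS only relays an Attestation; the
// signature is made by a key that only the hardware key store holds.

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Attestation is what the device hands to the banking app for the server.
type Attestation struct {
	Challenge  []byte // server-chosen nonce, defeats replay
	BootLocked bool   // the hardware's own claim about verified boot
	CertDER    []byte // attestation key certificate issued by the vendor root
	Signature  []byte // ECDSA over sha256(challenge || bootLocked)
}

func claimDigest(challenge []byte, bootLocked bool) []byte {
	h := sha256.New()
	h.Write(challenge)
	if bootLocked {
		h.Write([]byte{1})
	} else {
		h.Write([]byte{0})
	}
	return h.Sum(nil)
}

// NewVendorRoot models the vendor's attestation root (constructed).
func NewVendorRoot() (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Vendor Attestation Root (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// ProvisionDevice models factory provisioning: the vendor certifies a key
// that never leaves the device's hardware key store.
func ProvisionDevice(rootKey *ecdsa.PrivateKey, rootDER []byte, serial int64) (*ecdsa.PrivateKey, []byte, error) {
	rootCert, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return nil, nil, err
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "Device attestation key (constructed)"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, rootCert, &key.PublicKey, rootKey)
	return key, der, err
}

// HardwareAttest runs "inside" the key store: it signs the server's challenge
// together with the boot state the hardware itself observed.
func HardwareAttest(devKey *ecdsa.PrivateKey, certDER, challenge []byte, bootLocked bool) (Attestation, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, devKey, claimDigest(challenge, bootLocked))
	return Attestation{Challenge: challenge, BootLocked: bootLocked, CertDER: certDER, Signature: sig}, err
}

// VerifyAttestation is the bank server's check. revoked holds certificate
// serials the vendor has banned (a stand-in for a revoked-keybox list).
func VerifyAttestation(rootDER []byte, revoked map[string]bool, expectedChallenge []byte, att Attestation) error {
	rootCert, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(rootCert)
	cert, err := x509.ParseCertificate(att.CertDER)
	if err != nil {
		return fmt.Errorf("bad attestation cert: %w", err)
	}
	// 1. The key must chain to the vendor root; a key the OS made up cannot.
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("attestation key not issued by vendor: %w", err)
	}
	// 2. Leaked or abused keyboxes are refused by serial.
	if revoked[cert.SerialNumber.String()] {
		return errors.New("attestation key revoked")
	}
	// 3. Freshness: the signed challenge must be this session's.
	if !bytes.Equal(att.Challenge, expectedChallenge) {
		return errors.New("challenge mismatch (replay?)")
	}
	// 4. Root on the OS can relabel the claim but cannot re-sign it.
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, claimDigest(att.Challenge, att.BootLocked), att.Signature) {
		return errors.New("claim signature invalid")
	}
	// 5. Only now is the hardware's claim itself evaluated.
	if !att.BootLocked {
		return errors.New("device reports unlocked bootloader")
	}
	return nil
}

func main() {
	rootKey, rootDER, _ := NewVendorRoot()
	devKey, devCert, _ := ProvisionDevice(rootKey, rootDER, 1001)
	challenge := []byte("session-nonce-constructed")
	revoked := map[string]bool{"1002": true}
	good, _ := HardwareAttest(devKey, devCert, challenge, true)
	fmt.Println("genuine locked device:", VerifyAttestation(rootDER, revoked, challenge, good))
	lying, _ := HardwareAttest(devKey, devCert, challenge, false)
	lying.BootLocked = true // rooted OS flips the flag after the hardware signed
	fmt.Println("relabelled claim:", VerifyAttestation(rootDER, revoked, challenge, lying))
	fakeRootKey, fakeRootDER, _ := NewVendorRoot()
	fakeKey, fakeCert, _ := ProvisionDevice(fakeRootKey, fakeRootDER, 1)
	forged, _ := HardwareAttest(fakeKey, fakeCert, challenge, true)
	fmt.Println("self-made key:", VerifyAttestation(rootDER, revoked, challenge, forged))
}
```

The order of the checks is the point: chain, revocation and freshness are settled before the server reads a single claim, so a script with its own key, a replayed proof, or a rooted OS that rewrites the boot-state flag all fail before "is the bootloader locked" is even consulted.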
I also prefer to own my device and be root on it. While installing all the "pretend I'm non-rooted" functionality on it, I did think "this is basically installing a rootkit to tell the OS 'yes, I'm clean!'". Then my bank (fuck them very much) decided to add a check for a locked bootloader and refused to work without it. I suppose maybe there's a way for the "rootkit" to lie and say "Yes the bootloader is locked!"?
I didn't read all the comments, but it seems to have been lost that it's a fight between freedom (allowing people to "own" their devices) and protecting the general public from harm (being scammed and losing all their money). We also have to give up some freedoms, e.g. we are forced to wear helmets or seatbelts as participants of traffic, to ensure a better protection.
Consider an Open-Source Web Browser (Chromium, Firefox, ?, ???, or any open-source browser from: https://github.com/nerdyslacker/desktop-web-browsers).
OK.
We know the following:
A) That most Banks have web pages / websites which can be accessed via one or more of the above web browsers (AKA "Online Banking"), where the provided functionality is exactly the same, or very close to the functionality provided by stand-alone banking Apps
B) That the source code for any open-source web browser is available, and can be downloaded (A self-evident truth!)
From which the following understanding can be derived:
C) The security for the transactions (user authentication, authorization, etc., etc.) is NOT provided on the client side (the user's computer or smartphone) by an obfuscated "binary black box" piece of software where source code is not provided, but rather on the server side (the Bank's side!)
(Oh sure, Web Browsers provide encryption to prevent the middle segment of the communication path, the Internet, from listening in, but the encryption libraries of open-source web browsers are also typically themselves open-source, thus easily transferred to / imported into the source code bases / software component stack -- of other Apps!)
Well, if we know A), B), and C), then we also understand that a truly Open-Source Banking App, giving exactly the same security guarantees that an Open-Source Web Browser does today, is possible!
Such an app, if it were to exist, due to its open-source nature, would not be bound by artificial constraints, such as the absence or presence of an underlying rooted Smartphone, or not...
Also, in theory such an App, were it to exist, could be run on very minimal, possibly more secure (than your average bloated Smartphone) alternative hardware...
Also, if you think about it... Bitcoin and other cryptocurrency apps -- are fundamentally that App (!) -- just that they use the Blockchain, and not a Bank, as the back-end! :-)
You know, you have a payment-provider App. It could have any number of back-ends to it... Bank, Blockchain, ?, ???
You tell me... :-)
Could we have the same level of security - or very close to it - from requiring a secure enclave like a vm running on the device for banking apps with hardware passthrough, or would there be no way for that vm to verify it has actual hardware passthrough and that it's not being tampered with?
That way you would just get the entire vm with the app from the Play Store or Apple, and nobody needs to worry about root?
Not deep into rooting scene but seems plausible to me that this has some merit if you squint at it from the right angle
Trusted agents are useful. And I'm using legal meanings, not technical meanings here - so a "trusted agent" is someone or something that is legally acting on your behalf, to perform actions as though you were performing them.
The whole fucking promise of "general purpose computing" is that citizens should be able to delegate repetitive and tedious tasks to a computer. And they should have the full freedom to pick both which tasks are delegated, as well as which agent (program) is performing them.
Instead - what we're seeing is that companies are closing off as many avenues of automation for the average citizen as possible, under the guise of security.
The problem is that selecting a neutral (trusted!) agent is really, REALLY important, and companies are absolutely not neutral. They don't want the best results for "average Joe customer", they want the best results for themselves: the company.
They will make decisions that are contrary to your best interests all the time. They have exactly zero fiduciary duty to you, and boy do they know it.
In a decent world - in a decent CAPITALIST SOCIETY (which we can already debate the decency of in the first place) you allow space in the market for modification. Ex - don't like your desk? Change it. Don't like your car radio? Change it. Don't like that tool handle? Change it. Pick a different one, even one from a totally different company. Replace it.
This allows new ideas, new growth, and prevents stagnation.
In the digital world... there are a few companies that are trying as hard as possible to prevent you from being able to change anything.
---
Want a new browser? Fuck you.
Want a different UI for your banking needs? Fuck you.
Want to watch something without the ads? Fuck you.
Want to watch something with the ads, but in a less miserable ui? Fuck you too.
Want to automate something? Fuck you.
Want to export your data? Fuck you.
Want to sell software without us taking our rent money? Fuck you.
Want to shop in a different store? Fuck you.
Can't be letting our users make decisions that might cost us money.
---
So we're seeing an absolutely insane number of "digital locks" being employed not to protect users. No - instead they're getting deployed to protect revenue at the expense of users.
The only possible outcome is that service quality degrades to the point where you literally are better off without. Because that's what happens to incentives when you let companies operate in this manner.
If the consumer has no choice - the market has no power, and what little value there is in capitalism goes right into the trash bin.
So sure - if you squint, this maybe prevents someone from making a bad decision on which agent they trust.
But the problem is that now they HAVE to trust an agent they know is going to make bad decisions for them. Hope you like the biggest ad company in the world owning you digitally... Serfdom here we come.
> malicious actors just compromise the firmware instead
surprised pikachu face
What is it? I can access their websites on a PC running as root or Administrator. What is the problem with rooted Android phones?
Well. Gone is that notion...
They need to go further to outlaw hide root apps, and then install special app to track the status of the phone to make sure it is not rooted. Then allow police to randomly check the presence of this app on people phones. Every phone needs to be registered and pass hardware inspection every year. Even better, make so called offices where people can come and deposit or transfer money, it will be super safe.
If you mandated that they have to support Yubikey or whatever on open platforms I'd take that as a decent alternative. But just "no you must use a device controlled by somebody else" is not acceptable.
Apple is already a walled garden, granting you only access to your hardware as they see fit. Google desperately wants to follow suit by enforcing developer registration (which is just the first step). And now this. This will happen in the EU and US as well.
And always in the name of security, safety, or "will nobody think of the children?!"
My hardware, my choice, period.
You can choose to not use the app.
The bank has a choice on how customers interact with it.
The government, regulating banks, and often acting as insurance for lost money, has a choice on setting required security standards.
Balancing all these is difficult.
All other business, including personal communications, conducted on a GrapheneOS device. These days you don't even need a phone number for your everyday device, a data-only roaming plan like silent.link is enough. This is not yet necessary in the U.S., but we are dangerously close.
I utterly detest the idea of having to use a phone for anything that I'd like to be secure. I browse Reddit on that thing. I watch porn on that thing, I don't want my porn anywhere near my bank account.
The other more compelling reason why people would have a rooted phone is to run ROMs that may still be providing OS support where the stock OS has been abandoned or EOL'd by the developer.
Having an unlocked bootloader at the minimum would be required in those scenarios. It actually saves hardware that still works from ending up in landfills.
edit: spelling
https://privsec.dev/posts/android/banking-applications-compa...