upvote

points

by Anonyneko20 hours ago |
comments
upvoteby ryandrake19 hours ago|
next
[-]
What we need to push back on is making a phone a requirement to do routine banking and conducting other necessary business. There is no reason I should be required to have a phone in order to query my balance or transfer money to someone, when I have a perfectly good computer sitting here.
reply
upvoteby shafoshaf19 hours ago|
parent|
[-]
The physical keys, like Yubico, help with that. However, I have not been convinced that a password manager with unique, strong passwords on all my accounts shouldn't suffice. I don't know why I have to be penalized because other users don't use best practices.
reply
upvoteby dpacmittal6 hours ago|
prev|
next
[-]
Bank apps in India don't run on rooted phones, need developer mode and adb disabled. At the same time, their website works fine on Firefox on Linux where I can literally go through all their front-end source, attach and run debuggers.

What even is going on? Why are banks doing this security theatre when all their apps are doing is calling some backend apis?

reply
upvoteby ulrikrasmussen6 hours ago|
parent|
[-]
I think most bank apps in the western world also refuse to run on rooted phones. To my pleasant surprise my banking app worked on GrapheneOS though.
reply
upvoteby gonzalohm2 hours ago|
prev|
next
[-]
Is Linux for phones a thing? Or are you referring to GrapheneOS or LineageOS?
reply
upvoteby anonymousiam20 hours ago|
prev|
next
[-]
In my informed opinion, anybody who does banking on their phone is taking a big and unnecessary risk. I wish I could say more.
reply
upvoteby TFNA16 hours ago|
parent|
next
[-]
> anybody who does banking on their phone is taking a big and unnecessary risk

It is not necessarily a matter of choice. Besides what the other commenter notes about 2FA, in some countries banks have been removing functionality from their online-banking website, and you can only do certain things in the phone app.

reply
upvoteby cesarb9 hours ago|
parent|
next
[-]
> in some countries banks have been removing functionality from their online-banking website, and you can only do certain things in the phone app.

The most infuriating I've seen, is a bank which removed the anual tax report (which you need to do the anual income tax) from the online-banking website, requiring you to use the phone app... to download a PDF file, which you then have to transfer to the computer anyway so you can print it!

reply
upvoteby literalAardvark4 hours ago|
parent|
next
[-]
You can print from your phone, and also you probably don't even need to print it.
reply
upvoteby fragmede9 hours ago|
parent|
prev|
[-]
Fwiw, iOS lets you print to network attached printers directly, no macOS needed.
reply
upvoteby eks3917 hours ago|
parent|
prev|
[-]
This annoys me to no end. I have an old phone that I boot up occasionally because it holds all the apps that I only need once per year for a niche feature that is only accessible in their app. I don't need 200 apps on my main that I would otherwise never open.
reply
upvoteby Anonyneko19 hours ago|
parent|
prev|
next
[-]
See, the thing is, here you can't use banking on your computer without having a bespoke authentication app on your phone. There used to be a system of one-time codes sent via paper mail, but even that has been scrapped by now, so using bank ID apps is literally the only option across all of the local banks. In my bank the ID app and the bank app are even different apps, and it's the ID app that's the truly important one to have (and that, of course, hates rooted/modified phones with a passion).

The government services also go through these ID apps, although there is a poorly supported alternative that uses USB smart card readers. I have not seen a single person actually use it, probably for a reason, though I'm planning to get one just to have a backup...

reply
upvoteby nikonyrh1 hours ago|
parent|
[-]
At least in Finland's Nordea bank you can order a physical code calculator, they used to be small enough to keep on your wallet but the new one is the size of an old small phone. It even has a QR scanner. So I just keep it at home.
reply
upvoteby unethical_ban19 hours ago|
parent|
prev|
next
[-]
I see you suggest you can't say more, but I'll still ask the questions:

Is it a privacy or financial risk to have banking on your phone?

How is banking on a phone app more dangerous than banking via mobile or desktop websites?

reply
upvoteby anonymousiam7 hours ago|
parent|
[-]
It is a privacy risk, a financial risk, and a security risk.

The issue is the platform. Obviously there are issues with desktop platforms too, but those are easier to mitigate.

reply
upvoteby catcowcostume10 hours ago|
parent|
prev|
[-]
Not a choice if you live in a "developed" country
reply
upvoteby autoexec6 hours ago|
parent|
[-]
I live in a "developed" country and don't have a banking app on my phone. It's a choice. Sometimes it's a choice of which bank you bank with. Sometimes it's a choice to stick with more traditional means of interacting with that bank and not even checking your account using a website, but it's absolutely a choice.
reply
upvoteby jwrallie13 hours ago|
prev|
[-]
I think this is the only long term solution, even if cumbersome.

I’m curious what secondary devices people are using. I have a second hand Surface Go running Fedora 43 with Gnome, it’s a bit big but it’s doing its job well.

reply