We now come to the obligatory question: Do banking apps work?
I don’t use banking apps, there are few features necessary for an app, and they all have trackers in them. I make PWAs and all my banks and credit card sites work just fine.
If your banking app does not work, use your banking website. If your banking doesn’t allow you to use their website, switch banks, because that means they don’t give a fuck about you, and probably want to make you use their app, because it has trackers in it.
You are not the first one to ask this, and you won’t be the last, but I am so damn sick of people asking, will my fucking banking app work? Fuck your fucking banking app. Why are people so willing to compromise their security for a fucking banking app?
Nothing personal against you, by the way.
No bank gives a fuck about you. You are right but just for perspective, banks here use their app for 2FA with the only other option being SMS (which doesn’t even work half the time) and which bank you use is pretty much dictated by your employer. Banks aren’t even that bad as some countries require an app for gov ID which may or may not work on GrapheneOS.
This is a regulation problem, it’s not going away. The most a user can do is keep a second phone with Android just for verification. I really wish we could just move to YubiKeys at this point.
I just did that and it’s so simple
Your bank does not need to use the app trackers to spy on you. They already know everything important there is about you.
What the banks are worried about is fraud. Fraud costs them money. But the thing is, the app development cycles are long and complicated, and instead of a pragmatic approach, they just bolt on more and more obscure non-deterministic authentication schemes and heuristic checks. That’s why the app wants to know things like your location and access to the list of other installed apps, and simple username and password are not enough to let you through anymore.
The device attestation for them is probably just another checkbox to tick on the list of “at least we tried”. Regardless of whether it’s actually relevant for security. As long as it saves them more money than it costs them, there’s no reason to not enable it.
The EU has standards for security and banks require you to use a phone, and the banks don’t give a fuck about outliers.
That’s BS, I’m in the EU and I can use homebanking.
Also most banks here still use SMS verification, so much for security.
Then just get yourself a really fucking cheap secondary phone that you only turn on when you need to verify your banking. And that’s it. That way you can still verify your bank shit, but the spyware doesn’t get to have always on access to your primary device.
You can check if yours work. Mine do, fortunately: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
Mine does, but I don’t use it since hardware TAN generator.
That was also my biggest concern before switching to a degoogled custom ROM. At least for me in Germany I had no issues with any of my banking apps
I’m sure they’ll do their best to not work (the banking apps)