Comment by colordrops
1 month ago
Use a rooted Android phone with AFWall+ installed, with default block rules. Even just LineageOS allows you to set granular network settings per app, though it's not preemptive like AFWall.
1 month ago
Use a rooted Android phone with AFWall+ installed, with default block rules. Even just LineageOS allows you to set granular network settings per app, though it's not preemptive like AFWall.
Can't run various banking apps and can't run PagerDuty on a rooted device due to Google Play API Integrity Check. The ecosystem is closing in on any options to not send telemetry, and Google is leading the way in the restrictions on Freedom.
> Google is leading the way in the restrictions on Freedom.
They're the ones allowing you to root your phone or flash a custom ROM in the first place, so that's not a fair characterisation. Banks have a vested interest in reducing fraud, and a rooted Android might allow for easier and additional attack vectors into their apps and thus systems.
Naw, using Magisk and it's zygisk denylist it usually works. I haven't been blocked by an app yet, including pagerduty.
You can, with magisk.
That's a cat and mouse game, and some banking apps still manage to detect rooting, and so does Netflix and Google Pay.
2 replies →
“Use a rooted…”
Aaaaand no.
So you don't want to actually own your devices?
This line of thinking ignores a whole bunch of legitimate reasons why people knowledgeable enough to root their phone still choose not to, not least of which is that I have to exchange trusting a large corporation with a financial incentive to keep my device secure (regulations, liability) with an Internet anon with incentive to do the opposite (no direct compensation, but access to banking apps on the user’s device).
Even in the case where I’m willing to risk trusting the developer, they have literally zero resources to pen test the software I’ll be running my banking apps on, and in the case of Android roms need to run known vulnerable software (out-of-support source-unavailable binary blobs for proprietary hardware that were never open-sourced).
The same argument was made about TPM’s on PC’s and against Windows 11 for years (that they should just be disabled/sidestepped). It only holds water if you don’t understand the problem the device solves for or have a suitable alternative.