Comment by EMIRELADERO
21 days ago
So that's it then.
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking
In time, you will only be able to access banking from your desktop using an approved OS and browser with attestation...
For what conceivable reason would they make the users go on desktop, considering mobile is in the process of being fully locked down?
If anything, they'd eventually deny access from desktop, forcing everyone to log in via the fully managed mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
A recent real life example:
You can apply for an HSBC Global Money Account if you have: […] The HSBC UK Mobile Banking app (Global Money is only available via the app)
From https://www.hsbc.co.uk/current-accounts/products/global-mone...
It's already that way in my country. The few banks that still have the web version only support it for their business clients, and it's only something like two or three banks. If you're a regular client, there's not a single bank left that you can still use without a smartphone (unless you're ready to visit a branch for every little thing — so pretty much daily).
I think they worded that poorly, but didn't mean what you got from it: the point I'd take isn't that they will require you to have a desktop, but that even desktop will also have the same restrictions, so it isn't just a mobile problem.
This happened to me recently in Austria, I had to get a new phone to be able to do internet banking. You can only use the app with attestation from the PlayStore, AppStore or surprisingly Huawei store.
When I complained repeatedly that this was forcing me into an American or Chinese ecosystem, they said that no one cares and I'm a minority :-(.
For the desktop, you need the phone for the 2FA.
What gp is saying is that to access banking from desktop will require an approved OS and attestation just like on mobile. The current state of affairs is that an approved OS and attestation are only required on mobile but not on desktop.
Most banks require 2FA or similar to confirm logins and operations. There is no way around it, this is the world we are heading towards: 2 companies in the entire planet decide who and what can be done online.
Actually my bank already requires me to use the phone app for any operation on the website. When I want to log in from my laptop I need to use my phone with their app to approve the login, same for almost any operation.
Ah, and it can only be installed in one device at the same time :D Don't have your phone available? Bad luck for you
> can only be installed in one device at the same time
I neither like nor understand this restriction. It makes device failure / loss / theft a much more difficult experience to recover from than it would otherwise be. The device should be throwaway. I specifically keep old phones in case something happens to the new one.
WhatsApp is probably the stupidest example of only being able to be on a single device (but I'm forced to use WhatsApp for one specific purpose, so I already resent it). Signal does the same thing, so maybe it's related to the E2EE that WhatsApp licensed from Signal...
I have a huge problem with companies using their own apps for 2FA.
Google started doing this for Gmail. To use Gmail on my laptop, I need to approve it with Gmail on my phone. I never signed up for this. I’m now afraid if I delete the Gmail app from my phone that I’ll lose access to my email.
I hate the direction “security” is taking us. It’s done in the name of security, but it feels more like blackmail to get and keep the company app on your phone.
De facto, this is already the case - you can use your computer as a display but to actually authorize a login or transaction you need your phone with said attestation.
Not true for either my AIB or Wise account.
A dedicated app on a locked down OS is vastly more controllable than something like a browser that can do virtually whatever it wants.
Controllable by whom? I don't do any banking on my phone exactly because I don't trust my phone to keep anything I do on my phone private.
How it generally works is low risk operations have no restrictions, but if you want to send a large amount of money to a new contact, the banks make you approve the transaction on the phone app.
Phone apps are generally significantly more trusted because of the fact you can’t install malware that steals the session token, and they can do a Face ID check before any risky operations.
I'll just have to disable it and choose a banking app that works on the browser. Tonnes of my apps are sideloaded. Quite a few are on the playstore or the dev might upload their details.
Is it confirmed that we will even be able to disable this?
Worst comes to worst, you can install something like GrapheneOS (assuming your device has an unlockable bootloader).
How will you log in to the banking app in the browser without a locked down phone? In Germany, MFA is enforced and with many banks the only allowed second factor is an app on a phone.
Time to find an old second hand phone if you live in Germany, I guess. And start pirating Netflix shows that you want to watch on your phone.
Banking apps were at the forefront of freedom-eroding "safety" for a long time now.