Comment by petralithic

20 days ago

How do you access banking and other sensitive apps? If the answer is, you don't, well, you can see how that's a non-starter for the vast majority of people.

My banking app works fine on GrapheneOS. There is a crowd-sourced list here with current status for many of them: https://privsec.dev/posts/android/banking-applications-compa...

  • This is a good start! I think we need something like a ProtonDB for this sort of thing, but that covers all apps, not just banking apps.

    I do see five banking apps I use listed there as working, which is great. But -- and maybe I'm being unnecessarily overly worried about this -- what about the future? What if I've been using Graphene for a year or two, and one of the ones that's critical for me changes how they operate, and Graphene no longer passes muster as a platform it will run on. I'm not afraid of this happening at all running Google's stock OS image, but once I do my own thing, I get to keep the pieces when it breaks.

I love how so many of the responses in this thread are "it works for my particular bank" or "my bank's website is good enough" or "I'd only need it to deposit checks, but I never need to do that"... as if those are actually helpful responses to this general problem.

Many, many people have banking apps that will not work on non-Google-blessed devices, use banks that have mobile websites that are terrible, and need to do mobile check deposits (which is usually only available in the app, and not the mobile website, if the bank even has one). And no, we're not going to "change our bank".

The reality is that there are so many things that break, sometimes in subtle ways, when you try to use an alternative Android OS. Some people may not have any problems, and that's great! But many -- I would dare to say most -- will.

And there's also a ton of uncertainty: I don't really want to wipe my phone, install GrapheneOS, spend hours messing with it and setting it up, only to find that something critical doesn't work, and now I have to flash back to the stock OS, and hope I can restore everything the way it was.

  • There's bound to be tradeoffs between scrappy open source communities and trillion dollar industry behemoths. The fact that it's this close of a call is pretty amazing. And really you can blame your bank for not making a usable mobile site. A lot of businesses like to force users into apps because it helps with engagement metrics, not because there's any functional benefit.

    • It's not even a matter of tradeoffs - banks just suck major ass so, of course, their piece of shit apps are extremely fragile and only work under just the right conditions.

      That's not any OS's fault, that's the banks' fault. That's been my experience with every bank I've used so far and yes - they often break on certified OSes too! I've been on the phone with support!

      Because they make bad software, period, and we're all just forced to use their bad software.

Second phone for all official business apps, banking, etc. Never leaves home and it's used only for this purpose.

  • This is probably the only real solution. It also makes sense from a getting mugged or breaking your phone perspective. At this point, my phone is probably more important than my IDs and passports.

A web browser in the worst case scenario. The same way you'd do it on a computer.

  • This is quickly disappearing as an option as well. I need my bank app to authenticate even when using a web browser on desktop. Luckily my bank's app still works on GrapheneOS, but I suspect it's only a matter of time before they disable that because of "security" reasons.

    • What bank is this? No bank I know /requires/ you to use a mobile app for anything; the web is enough. 2FA can usually be done via email, SMS, or a Google Authenticator-compatible app.

Is that a jab at GrapheneOS? Because that's just another thing that Google is borking up. And a little bit more so the banks themselves.

GrapheneOS is the way that all phone operating systems SHOULD be made. Layers and segregation between your banking apps and all the privacy breaking trash and malware you can get off the app store.

It is the banks and Google making weird rootkit shit to try and lock down things that is the problem here.

What's wrong with their web apps? The only real shortcoming I can think of is depositing checks digitally but I haven't had to do that in years.

  • Unfortunately I have checks to deposit every couple months. And my bank has no physical presence, so the only way I can do it is through the mobile app. (They also accept deposits by mail, but I'm a little wary of that; a lost check would be a huge hassle.)

As a GrapheneOS user, the way I access my banking app is by downloading it from the Google Play store just like everyone else.

  • They don't all work, though: too many crank up the settings on Google's various 'integrity' checks and will fail on anything that isn't 100% Google-blessed. (Which is insane, because that's all that's required: on a previous phone of mine, it worked fine with a stock ROM with a Bluetooth-based RCE, but upgrading to a custom ROM would have meant it was 'insecure'.)

My credit union app already wants 24x7 GPS tracking of my location and full access to my camera at all times and full access to my collection of photos, so the app is already dead to me anyway. Demanding that I use it on a locked-down device isn't going to change anything for me, I'm already actively not using it. I use the website on a desktop, I rarely need to access my CU at all, much less access it remotely. Given the large amount of battery and bandwidth already used to track my every move, I wish there was something like "Docker for phones" where I could enable and disable 24x7 full access to my every action IRL.