Comment by nuker
1 month ago
> No, we have convenient online services in spite of the endless security theater that permeates consumer tech.
Disagree. No banking app can resist root access owned by attacker.
1 month ago
> No, we have convenient online services in spite of the endless security theater that permeates consumer tech.
Disagree. No banking app can resist root access owned by attacker.
Why is the banking server trusting the client? Thats criminally incompetent security. If your website gets hacked because a client had "root" whose fault is it?
Because the unknowing user has entered their auth credentials?
I see the cause of confusion. I was assuming and talking about the case of the legitimate user have a root/non locked down device as being imputed as the "attacker". I don't think he was talking about other people stealing or having acces to your device. And in any case, all bets are off then if you meant that scenario. At least with a browser user can choose not to save passwords and the attacker won't get bank creds, so even in that case a web app would be better.