Comment by therein
15 days ago
> so there was a bigger hope for a successful rebellion.
Not if you want to run banking apps on that device.
I'm willing to lose the banking apps and just use the website if it means I can have an open device.
Same but banks are cramming in more and more app-only features.
That's why a dedicated device for them is going to be my workaround. I could see myself having GrapheneOS on my primary device and having that act as a hotspot for my small "certified" device that I do my banking on.
At the time, the banks weren't app first. It was USSD, SMS and web, so they didn't care.
But yes, the banking and streaming apps too (regardless of their existence being good or bad or even justified) are yet another nail in that coffin.
Why do you need a banking app? Do you want to share your contact list and geolocation with the bank so badly? Do you need a bank app's antivirus to scan your phone and flag you as a suspicious user? Are you missing notifications offering a credit card with a 45% yearly rate? Do you want to make investments while riding on a train while several suspicious-looking beggars carefully look at the numbers? Do you want to allow anyone who has a Linux kernel exploit to access your bank account?
I don't understand. It's unsafe and inconvenient.
You need a banking app to use the bank's provided 2FA to log into the bank's website (no, they don't support TOTP or passkeys or other vendor-neutral solutions) if you want to do any online banking on your other devices.
You also need it to receive the PIN for the credit/debit/bank card that allows you to pay for things in stores, or to withdraw money from the ATM if you'd rather use cash.
If you'd like to send money to your friend, for example to split a bill or for any other reason, then you either need to do that in the app, or do it on the website but with 2FA on the app.
---
This is the norm for all the banks here, citing PSD2 compliance. I'm sure it's not the only way they could have complied, but it's the lowest effort and banks are nothing if not conservative, so once one bank gets the OK for a given solution, they all follow suit.