Comment by leidenfrost

16 hours ago

The most absurd part is that you totally can access the home banking from your desktop PC with Linux, without any need of hardware attestation.

Suddenly it's mandatory because the device is a phone?

These days banking is one of the things for which a phone is required. It is used as the primary banking device for most people, and for the rest it is required for two factor authentication when logging in on a PC or to verify online transactions.

Maybe some bank would allow you to use some third party two factor authentication device to log in sometimes, but most (if not all) would require you to use their "app".

In my country, banks force us to install "security modules" in order to do this. Once upon a time, back when I used Windows, I got bored and tried to pry one of these things open to see why they made the computer so unusably slow. I caught it intercepting every single network connection and doing god knows what with them. That told me all I needed to know.

It used to be that Linux users like me were exempt but at some point they added Linux support. Now there's a goddamn AUR package for this thing.

https://aur.archlinux.org/packages/warsaw

https://aur.archlinux.org/packages/warsaw-bin

> Banking security tool developed by GAS Tecnologia

Yeah. Banking security tool. Who the fuck even knows what it does? It sure as hell isn't me. That thing is not going anywhere near my system.

I really don't understand why they do this - what is so special about banking apps vs a banking site in a web browser?

What is the particular threat model of a rooted phone?

People in Europe no longer can, thanks to PSD2.

  • Of course we can, even HBCI still works, and you can even access your (German) bank account from within KMyMoney.

    For the website, it's also easy, even with PSD2 you can just get a physical TAN generator.