Comment by cwillu
6 days ago
It won't though, because there's a ecosystem of banking/insurance/whatever apps that have bought into the android/iphone lockdown mindsete that people will simply be locked out of. Open alternatives can grow when there is a viable means of slow growth, and cutting off the oxygen to such things is the implicit intent.
> banking/insurance/whatever apps
I know banking apps are the typical example, but I've always wondered why. I use my bank's app maybe once or twice a year when I need to Zelle someone, which I only need to do when they don't have Venmo. (Unless we consider Venmo a banking app.)
I only have one bank's app installed, the rest of my banks I only interact with over their website, on desktop.
As for insurance, I've never had an insurance company's app installed.
Am I just an outlier here? Honestly, if I switched to a non standard OS, I'd be more annoyed about losing, say, Google Maps, Uber/Lyft, or various chat apps. Banking and insurance just don't come to mind at all as something I need my phone for.
My bank sends me an alert when my card is used to make a transaction - handy for spotting fraud.
I get an alert when a payment comes it - handy for knowing if a client has paid.
I can quickly check my balance - handy for knowing if I can afford another round of drinks.
I can repay a friend in two taps - handy if they've paid for dinner.
Is anything essential? No. Is it something people use multiple times per day? Yes!
I can get alerts in email or messages, no need dedicated app for that, I can track there also my balance, so only useful thing app provides are easy wire transfers from phone, which I never do, if I wanna transfer money is much more convenient work big display, proper keyboard and mouse than from phone.
23 replies →
Could all of these be handled through openbanking?
1 reply →
You're definitely not alone. I just checked the list of installed apps on my phone and found three different banking apps that I completely forgot about because I never use them. I installed them because I thought it would be convenient for checking things on the go, but I actually just end up using the computer whenever I need to do real banking business. The only finance-related app I use with any regularity is Venmo for e.g. paying back a friend for covering dinner.
Another commenter mentioned needing to get alerts for fraud, but none of the financial institutions i'm currently doing business with have any trouble sending me text messages. In fact I have the opposite problem, I can't get them to stop using text for 2FA codes...
2FA is a requirement in Europe. I can't log into my bank account without my phone being able to run the app.
But 2FA is moot if it’s the same device as your bank app, is it not?
5 replies →
The "app" is probably a web page written in JS. Rarely its a native app in either Kotlin or Swift but then you have to maintain 2 different apps in 2 different languages with 2 different OSes for the devs. So unless the app really specifically requires something special, its just a web page. Even (and especially) your banking app.
2FA and Google SafetyNet are two completely different things. Your banking app can implement 2FA without SafetyNet.
1 reply →
I would stop using bank requiring phone app to do banking, simple as that, both my main EU accounts use sms verification codes and extra password, which is fine with me. If they will require an app, they will lose customer.
1 reply →
2fa does not mean smartphone. There are other variants too
I haven't had issues with the mobile apps of 3 of the most major US brokerages. They run fine on rooted phone. They do everything I'd want a bank to do anyway.
Ditch your bank if they have issues. If their retention department asks why you're leaving, tell them their app doesn't work.
> Ditch your bank if they have issues.
This is what I was thinking as well, TBH. I'm not particularly tied to any of my banks, I already did mostly switch off of BoA because their website was so bad.
Good to hear everyone's responses in the thread though, some stuff I definitely didn't consider.
"I'm am just an outlier here?"
No. The "banking app doesn't work" argument against non-corporate mobile OS, raised incessantly is HN comments, is bogus
I want a "phone", i.e., small form factor computer, that can run something like NetBSD, or Linux. But I have no intention of using it for commercial transactions. Mobile banking is not why I want to run a non-corporate OS
I want to use it for recreation, research and experimentation
NB. I have more than one "phone". The choice is not corporate mobile OS versus non-corporate mobile OS, i.e., "either-or". I can use both, each for specific purposes
> I want a "phone", i.e., small form factor computer, that can run something like NetBSD, or Linux. But I have no intention of using it for commercial transactions. Mobile banking is not why I want to run a non-corporate OS
> I want to use it for recreation, research and experimentation
I am a firm believer that phones are personal computers and should have all the end user freedom we have come to expect from personal computers. I am totally behind what your saying. (The amount of irrational anger that wells up in me when I hear someone make the argument that phones are somehow not general purpose personal computers and shouldn't provider their owners software freedom would astound you.)
Personally, I opt out of services that require the use of phone "apps" and any potential attestation they provide. Unfortunately, I just offload those needs onto my wife and her iPhone.
Want to go to a concert in a TicketMaster venue? You have to have a phone. Pay to park in some places requires a phone. Mobile ordering for some restaurants requires a phone.
I don't think it should be this way, but it is. I think we need consumer regulation to insure software freedom on phones and curtail awful user hostile "features" like remote attestation.
Until that happens (if it ever does) there is a realpolitik with needing corporate phones for some activities that can't be denied.
18 replies →
> I know banking apps are the typical example, but I've always wondered why
My bank uses the app for 2FA, and that became a sort of a standard in Brazil, AFAIK. Mine at least gave me the option of using an RSA SecurID or sth alike when I asked, but I don't know how much it would cost me.
My stock broker on the other hand does 2FA exclusively on mobile (and only Android and iOS). The same for the health insurer.
My car insurer didn't force me to so far, which I find strange, given their interest in tracking my location and speed.
These were some of the major factors leading me to give up on using a feature phone when I tried, a few years ago. It was a good experience, especially at those times of pandemics and political instability, but the inconveniences were many.
Banks often use their app for a second factor auth. here.
Country dependent of course, but recently i observe steady push from banks to adopt mobile app. Some have webui neglected and glitchy, some openly announce sunsetting, some already killed web access only allowing app.
And this tendency will prevail as bank can collect way more data this way. Just a month ago one of banks that is often praised here sent me a letter saying “your IP activity doesn’t match your residence” (and i am not even installed their app, they pulled data from web ui usage. Imagine what happens when they get access to data mobile app can supply
> I know banking apps are the typical example, but I've always wondered why.
It's because Google created this thing during backroom conversations with bank associations from a handful of countries.
Sounds like you’re using Venmo to fill the same role as a banking app (sending and receiving bank transfers).
Many other countries simply rely on banking apps for these things, and don’t have a separate service for this kind of transaction.
Here in NL many banks (not all) require their iOS or Google app to log into their home banking on a PC/browser.
My main bank is Commonwealth aka CBA (one of the "big 4" banks here in Australia). For a long time, I held out against installing their mobile app (on Android), and managed fine with their web UI (and with 2FA codes via SMS). Then, 2 or 3 years ago, I needed to start using PayID (sort-of Australia's version of Venmo, ie free instant transfers, except it's supported directly by all the major banks here). And I discovered that CBA had (deliberately?) only added PayID support to their mobile app, you absolutely can't use it in their web UI (last I checked). So I had to finally relent and install the mobile app. I started out only opening it on the rare occasions when I needed to send money to someone via PayID.
Then, a while later, CBA pretty much phased out SMS-based 2FA (or they said that if you had the mobile app installed then you can no longer use it?). Only other supported option is in-app 2FA (no support for third-party TOTP apps). So I had to start opening the mobile app every time I needed a 2FA code. Then, within the last year or so, they made a new rule, that in order to log in to the web UI at all (just initial login, I'm not talking about sending money or any other high-risk action), you had to receive a push notification via the mobile app and tap "allow". So now I literally can't log in to the web UI without also logging in to the mobile app!
So, unfortunately, "just keep using the bank's website on desktop" is increasingly and deliberately becoming not an option. I assume there are many similar stories with other banks around the world.
I paid someone via payid via the web ui. Was via an email address. It was a while ago though and haven't used it since. Also I've never used the app since the blocked rooted devices, magisk stopped working (cause of safetnet) and moved back to sms "security". I just logged in then without having to enter a code. I do note you need to allow browser fingerprinting to allow the login to work. Otherwise it's some generic error.
I've made a lot of noise about it so maybe they've "unblocked" me to shut me up. Email the CEO so it registers a complaint. Make some noise. Definitely have another bank though as you can't just depend on one.
So, leaving aside the discussion about whether someone wants to use their bank's application or not, what's the bank response if their application just doesn't work in your phone? That you must purchase a new phone or be locked out of using your account?
I hope, now that the debate about our excessive reliance on American tech is on the table, that we also put limits on those essential services, like banks, imposing the usage of products from only two companies (Google or Apple) in order to operate. I think that goes at least against the spirit of the European Union.
2 replies →
Fair point - but then take national eID apps instead.
Take Denmark, for example: most banking apps use eID for login, so that problem translates 1:1. But other apps who do the same include the national school communications platform (which is pretty much mandatory for a huge chunk of the adult population, who need to look at it almost daily). Also: social security card (including health portal/doctor booking/comms), driver's license, bus pass, parking app, used-stuff-marketplace, ... eID is _everywhere_ because it's a good idea.
Sure, all of this can be done on a computer. If you're near one. Or you can have separate and physical cards, like we used to have. That still works, mostly: more and more services (eg. bus pass) are going digital-only.
Really, what we need is a top-down embrace of open-source-based platforms as being _as_ (or more) secure than the established tech giants. From governments down, organisations _should_ move away from locked-down (foreign) commercial interests.
I'm not holding my breath though.
Some banks' only interface is the mobile app. And in Europe people typically use their banking app for P2P payments (no need for an app like Venmo)
Have you not had a company block you from doing something on the web and force you to use an app for it?
I can't deposit checks over the website, and I use a bank with no physical locations near me.
That's true, but the notion that we're still using paper checks in 2026 is so crazy. And yet they remain the cheapest way to handle many transactions in the US financial system. Like a lot of small healthcare providers still prefer to receive paper checks from insurance companies because the electronic payment processors take a 3% fee.
4 replies →
The best solution for this is to buy a $30 burner phone at Walmart and use it unactivated, tethered to your main de-Googled device. You can use the burner for only tasks requiring Play Integrity.
Make sure to leave one star reviews on all such apps that you run into.
Yes. However, I already carry a tethered hand-me-down quarantine phone where I install my work apps and undesirable apps like Whatsapp (for those loved friends and family that can't or won't install Signal). Carrying a third phone for "Play Integrity" starts being a bit much.
Anything movement that requires people to routinely acquire a second phone is doomed to failure (in the “this will never become a mass movement” sense)
Yeah, it's one thing for a bunch of HN nerds to do it- the masses will not, and the masses are what move the needle.
And if it is not “successful” then it’s literally making your own life more difficult for no real effect in the world
I’ve found the mobile websites for a lot of these cases to be fine. Not a great UX but not a blocker
And if your bank only does 2FA via app?
Complain. Mine wanted that, but after complaining they offered me SMS. If not, I'd have closed my account there. At least here in Spain there are plenty of banks that don't force you to use apps. I also leave bad ratings for banking apps from time to time, and bad comments on X.
2 replies →
Wait till you see how hostile Reddit is when you try and access via a browser on a phone
That’s how I browse Reddit actually. It is a bit janky, but I don’t like ads. Brave is reasonably good at giving you ad free Reddit on mobile
I only use old.reddit.com
Reddit is the epitome of enshittification.
In theory, it's possible to have a third party (other than Google or Apple) to provide attestation on third party hardware.
You can have a separate core and kernel to run such code. They don't have to be powerful, but they'll need to be small enough to be verified by the said provider. For most of the code that doesn't need attestation, they can be executed on normal hardware.
The provider also has to convince the regulator or banks to trust them. However, if that's solved, the user should feel no difference between pure Android and alternative platform plus attestation.
GrapheneOS supports remote attestation, but banks have to add the fingerprint of the official GrapheneOS verified boot keys:
https://grapheneos.org/articles/attestation-compatibility-gu...
Some banks even do.
In that case a two phone approach makes sense. I was willing to try that out, to give Ubuntu Touch a trial on my main phone. This might incentivise it even further for an off-ramp of the Google/Apple duopoly.
I’m old enough to remember the days that banking apps required Internet Explorer and didn’t work on Firefox. Eventually, they were dragged kicking and screaming to support all modern browsers.
The Wero payment system will cover the entire EU but apparently doesn't have a web portal the way ideal has.
Soon we Europians will only be able to pay using either an iphone or an Android device.
Hilarious
They will say: hey, now you're free from Visa and Mastercard for your payments! (only to be forced into the Google/Apple duopoly, which is far worse).
So what you're saying is we go after the banking system next.
Decentralized banking is the future!
INB4 someone mentions some edge case like 'grandma got scammed' or refunds.
Don't banks/insurers/whatever have websites that are often mobile friendly?
In EU/UK, some are sadly app only. I avoid those. Many others are pushing apps as a 2FA, even if you use their website. You need to insist to get another authentication system, like TAN. Some governments are also pushing mobile IDs.
The best Linux for phones, SailfishOS, has a fairly good Android compatibility layer that runs many bank apps well. But despite that, it's an uphill battle. The network effect of the duopoly is gigantic.
Microsoft's shit show seems to be pushing Linux adoption
LMFAO what are you doing on your banking app all the time
It only has to be something I need to be able to do but can't once a month to be a dealbreaker.