Comment by SchemaLoad

4 days ago

You can do that; there are custom ROMs and open-source phones. The problem is banks are legally obligated a lot of the time to pay out for fraud and scams. So in response they won't allow you to run their software unless they can verify the compute environment.

So why can I access my bank account just fine via the website on my phone, but shouldn't be able to do the same via the app? Can't they offer at least a PWA version of the website for custom ROM users?

  • People tend to distrust websites. URLs are also an immutable ledger that guarantees you’re in the right spot. The web is surprisingly robust for security.

    What guarantees your banking app is the right one? A PNG and an app name with no security whatsoever.

    • Isn't that more reason to go to your bank's website: to download the APK and then verify the hash of the downloaded APK before installing it? That would make me way more comfortable than the current system of "pray this app on the Play Store is actually my bank's".

    • But that doesn't guarantee anything? Even if the official banking app requires tons of verification, that doesn't prevent me from modding their banking app and redistributing the modded version to up to 20 people.

    • > People tend to distrust websites.

      How did the world come to this when the internet long predated smartphones and so many "apps" are little more than bookmarked wrappers around websites?

    • > People tend to distrust websites. URLs are also an immutable ledger that guarantees you’re in the right spot.

      Typosquatting would like to have a word with you.