Privacy

43957 readers

340 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

GrapheneOS Banking app help (lemmy.world)

submitted 1 month ago by mikedd@lemmy.world to c/privacy@lemmy.ml

21 comments fedilink hide all child comments

Hello all!

I have a situation and I was curious what other people recommend me do.

I have a Pixel 8a with GrapheneOS on it and have setup a separate user profile to have work stuff and my banking app on. At the moment my bank doesn't have a web interface, it exclusively uses the phone app to do everything. (apparently they'll be releasing the web version of the app next month but I have no other extra information on how it will work or whatever)

I've noticed that periodically they do some kind of scan that ends up blocking me from using the banking app (it locks it down with an alert that says something along the lines of: "your device might be rooted and compromised").

First time this happened I had to call them up and they sent me from one department to another and 2 days later I had access back in the app. Now this happened again (3 weeks since the first time) and I'm gonna have to call them up again.

My question is, should I buy a cheap android phone (I've been looking at the Moto E15) and lug it around just for banking and occasionally for the microsoft authenticator for work? Is this a common thing that people with a similar issue do? Should I just wait for the web app (problem with that is that all internet purchases have to be confirmed via the stupid app and idk how that will be handled when the web app rolls out)?

Sorry if this is the wrong place to ask this and thanks in advance to those who take the time to reply! 🙏😅

you are viewing a single comment's thread
view the rest of the comments

[–] Creat@discuss.tchncs.de 12 points 1 month ago (1 children)

They aren't forced to lock them down, or prescribe any app store afaik. That's the banks that do. Some lock it down, some not at all. But you'll need some form of 2 factor "photoTAN" app. Unfortunately, common 2fa codes aren't used (or allowed), I think this legislation is actually older than them becoming common.

And that's quite all, they also offer hardware token generators. Not sure if they are required to, but i think so. You do have to pay for them once (20 or 30 bucks maybe?). In reality, this is somewhat impractical for a variety of reasons...

[–] artyom@piefed.social 2 points 1 month ago (1 children)

They aren't forced to...prescribe any app store afaik.

The app store ain't the problem, it's the apps themselves (and most likely Play Integrity shenanigans)

Unfortunately, common 2fa codes aren't used (or allowed), I think this legislation is actually older than them becoming common.

Those hardware generators you mentioned have been around for at least 30 years. A TOTP app is just software that does the same thing as those hardware generators.

[–] Creat@discuss.tchncs.de 2 points 1 month ago

Those hardware generators you mentioned have been around for at least 30 years. A TOTP app is just software that does the same thing as those hardware generators.

I'm aware, but you're not getting the secret token that you'd need to put into your TOTP app. At least not that I know of. I also haven't checked in a very long time if there are open source reimplementations of the photoTAN apps. They all got their own flavors, but it's also just a slight variation on a theme (initialize app with qr-like secret, then scan a similar code as a challenge/response using that secret to generate token). Probably should check that at some point.