I’m not sure how it works where you live but where I live, the way the banking apps are implemented completely violates MFA. They rely on SMS verification, which is absurd since if your phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
Comment on Google's shocking developer decree struggles to justify the urgent threat to F-Droid
DreamlandLividity@lemmy.world 5 days ago
Your phone has likely much better security for your banking apps than your computer, unless you run a really niche setup like QubesOS.
pycorax@sh.itjust.works 5 days ago
DreamlandLividity@lemmy.world 4 days ago
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 Linux devices.
pycorax@sh.itjust.works 4 days ago
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No, but it’s way better than it is right now.
DreamlandLividity@lemmy.world 4 days ago
So what is the case for most users? Are normal Android phones getting compromised often enough it is an issue?
Regrettable_incident@lemmy.world 4 days ago
Yeah, SIM swaps are a concern too.
Auli@lemmy.ca 5 days ago
The phone is not insecure because of all eggs on basket.
fodor@lemmy.zip 4 days ago
You say “security” I say “a bug that won’t let me log in”. Which is it?
Auli@lemmy.ca 5 days ago
Which is the point. Why do we need this security when the most virus-ridden PC can access my banking website?
boonhet@sopuli.xyz 4 days ago
That’s a good point, time to ban banking websites and only allow people with locked-down phones to bank.
leastaction@lemmy.ca 4 days ago
There are no banking apps on my computer.
traceur402@lemmy.blahaj.zone 5 days ago
We as a society should be rethinking the term “security”, if it’s come to mean submitting to being jerked around however best suits some private company’s interests instead of our own. If there’s a central platform for its security benefit it should be democratically controlled instead of controlled by what are effectively feudal lords, or perhaps even an occupying force.
DreamlandLividity@lemmy.world 4 days ago
The security I am talking about has nothing to do with being locked down. Linux could easily implement the same, but it probably never will, because it requires a bit of central management and vision.
Natanael@infosec.pub 4 days ago
You’re responding downthread of QubesOS being mentioned
Sure it’s hard to get that kind of security onto mainstream distros. But it exists.
DreamlandLividity@lemmy.world 4 days ago
Yeah, I was the one mentioning QubesOS. Since I tried it and didn’t last a week because of how bad the user experience was. I am not a CIA spy, I am looking for a balance of security and usability and Android is amazing at that. Sure, some things could be more secure. Sure, I can’t do some things because GrapheneOS can’t be rooted. But the balance is excellent.