GrapheneOS Banking app help
from mikedd@lemmy.world to privacy@lemmy.ml on 30 Oct 14:47
https://lemmy.world/post/38080669

Hello all!

I have a situation and I was curious what other people recommend I do.

I have a Pixel 8a with GrapheneOS on it and have set up a separate user profile to have work stuff and my banking app on. At the moment my bank doesn’t have a web interface, it exclusively uses the phone app to do everything. (Apparently they’ll be releasing the web version of the app next month but I have no other extra information on how it will work or whatever.)

I’ve noticed that periodically they do some kind of scan that ends up blocking me from using the banking app (it locks it down with an alert that says something along the lines of: “your device might be rooted and compromised”).

First time this happened I had to call them up and they sent me from one department to another and 2 days later I had access back in the app. Now this happened again (3 weeks since the first time) and I’m gonna have to call them up again.

My question is, should I buy a cheap android phone (I’ve been looking at the Moto E15) and lug it around just for banking and occasionally for the microsoft authenticator for work? Is this a common thing that people with a similar issue do? Should I just wait for the web app (problem with that is that all internet purchases have to be confirmed via the stupid app and idk how that will be handled when the web app rolls out)?

Sorry if this is the wrong place to ask this and thanks in advance to those who take the time to reply! 🙏😅

#privacy

anon5621@lemmy.ml on 30 Oct 14:51

In ur working profile u installed google play service using graphene os appstore and u installed it using play market. So does it happen inside container? Cause for now in container even revolut working without problem

mikedd@lemmy.world on 30 Oct 14:54

Yeah, I have a secondary user profile with google play services and google play and installed the banking app from there. My main user profile has no google at all, it’s the default GrapheneOS profile (haven’t really tweaked it much).

anon5621@lemmy.ml on 30 Oct 14:57

Hmm I think the best answer possible to get from graphene is forum from dev team about ur banking app. Something triggering ur banking app and have to be spoofed

monovergent@lemmy.ml on 30 Oct 16:46

The cheap secondary phone is the approach I have gone with for work apps. Powered up only when needed and doesn’t connect to my main home network.

AmbiguousProps@lemmy.today on 30 Oct 17:17

Do you have the exploit compatibility mode enabled in the settings? Under Apps > [Your Banking App]

Tinkerer@lemmy.ca on 31 Oct 02:21

^^have you tried this? I needed to enable for my banking app to work.

artyom@piefed.social on 30 Oct 18:35

I think what most of us do is not use a bank that requires using a fucking app to access.

Creat@discuss.tchncs.de on 30 Oct 20:55

That’s impossible in the EU, they all do by law.

artyom@piefed.social on 30 Oct 21:05

Ah good ol’ EU once again contributing to the Apple/Google duopoly.

Creat@discuss.tchncs.de on 30 Oct 21:14

They aren’t forced to lock them down, or prescribe any app store afaik. That’s the banks that do. Some lock it down, some not at all. But you’ll need some form of 2 factor “photoTAN” app. Unfortunately, common 2fa codes aren’t used (or allowed), I think this legislation is actually older than them becoming common.

And that’s quite all, they also offer hardware token generators. Not sure if they are required to, but I think so. You do have to pay for them once (20 or 30 bucks maybe?). In reality, this is somewhat impractical for a variety of reasons…

artyom@piefed.social on 01 Nov 18:16

> They aren’t forced to…prescribe any app store afaik.

The app store ain’t the problem, it’s the apps themselves (and most likely Play Integrity shenanigans)

> Unfortunately, common 2fa codes aren’t used (or allowed), I think this legislation is actually older than them becoming common.

Those hardware generators you mentioned have been around for at least 30 years. A TOTP app is just software that does the same thing as those hardware generators.

Creat@discuss.tchncs.de on 01 Nov 20:44

> Those hardware generators you mentioned have been around for at least 30 years. A TOTP app is just software that does the same thing as those hardware generators.

I’m aware, but you’re not getting the secret token that you’d need to put into your TOTP app. At least not that I know of. I also haven’t checked in a very long time if there are open source reimplementations of the photoTAN apps. They all got their own flavors, but it’s also just a slight variation on a theme (initialize app with qr-like secret, then scan a similar code as a challenge/response using that secret to generate token). Probably should check that at some point.
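The two schemes contrasted in the exchange above, as an added example that is not part of the thread and is not any bank's actual photoTAN algorithm: `totp` follows RFC 6238, while `challenge_tan`, `bank_verifies` and the order-string layout are hypothetical, showing only the general idea of binding a code to a scanned challenge with a shared secret.

```python
import hashlib
import hmac
import struct
import time


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: 4 bytes selected by the low nibble of the MAC."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the code depends only on the shared secret and the clock."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def challenge_tan(secret: bytes, challenge: bytes, digits: int = 6) -> str:
    """Hypothetical challenge-response code: bound to the scanned challenge bytes."""
    mac = hmac.new(secret, challenge, hashlib.sha256).digest()
    return _truncate(mac, digits)


def bank_verifies(secret: bytes, challenge: bytes, submitted: str) -> bool:
    """Server side: recompute over the order the bank holds, compare in constant time."""
    return hmac.compare_digest(challenge_tan(secret, challenge), submitted)


# Constructed sample data (not real account details).
SECRET = b"12345678901234567890"  # test key published in RFC 6238
ORDER = b"to=DE00EXAMPLE0001;amount=25.00;nonce=7f3a"
TAMPERED = b"to=DE00EXAMPLE9999;amount=25.00;nonce=7f3a"

if __name__ == "__main__":
    print("TOTP at t=59:", totp(SECRET, now=59))
    tan = challenge_tan(SECRET, ORDER)
    print("accepted for the displayed order:", bank_verifies(SECRET, ORDER, tan))
    print("accepted for a tampered order:", bank_verifies(SECRET, TAMPERED, tan))
```

A TOTP code is valid for whatever the holder does within its time window, whereas the challenge-bound code only verifies against the one order it was generated for.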

themurphy@lemmy.ml on 31 Oct 08:23

Damn, if you’re not joking, my day is ruined.

Kajika@lemmy.ml on 03 Nov 01:51

Could you be more explicit? Not that I do not trust you, but I’d like to know more.

Creat@discuss.tchncs.de on 03 Nov 08:00

See my reply in this thread to artyom, I assume that’s what you’re looking for?

RodgeGrabTheCat@sh.itjust.works on 30 Oct 18:43

If my bank locked me out that often due to my phone OS, I’d switch banks. Sorry I can’t help.

shortwavesurfer@lemmy.zip on 30 Oct 19:56

You should switch banks to a bank that already has a web application and doesn’t require you to use a mobile application to make purchases.

atmorous@lemmy.world on 31 Oct 20:56

Double agree

Truscape@lemmy.blahaj.zone on 30 Oct 22:14

A patch was already released for this issue, fortunately: grapheneos.org/releases#2025102800

superglue@lemmy.dbzer0.com on 30 Oct 23:11

If I’m you I’m changing banks, the problem is likely to return and just get worse.

atmorous@lemmy.world on 31 Oct 20:55

As an alternative suggestion:

Switch Banks (Move to a Local Credit Union or at least a better one)