Bank apps: Use an ATM, or a second phone. Enterprise apps: Use a second phone, preferably paid for by work. Government apps: Use a second phone, or refuse to use it (since there's likely elderly who are not on board yet). Copyrighted media: Piracy.

"just use a second phone" cannot be the answer because 99% of people will just scoff at that. Instead of buying a second phone, why not just buy one that works?

And that's to say nothing of the environmental impact.

> "just use a second phone" cannot be the answer because 99% of people will just scoff at that.

Here we are talking about installing PostmarketOS/Linux on a smartphone. The next milestone is not to get everyone on it. First we need a base of early adopters that are willing to use it despite the drawbacks. The more users those alternatives get, the more they will be developed, the better it will get.

Sure, for the next years, it will be way behind Android or iOS in terms of ease of use, but that's the price to pay to get back control of the device you own that is probably the main computer you use every day.

For me that's not worse than using Linux in the early 2000s, and like Linux in the early 2000s, it may even be _fun_ to be an early adopter of Linux on the smartphone.

Now we don't need to migrate everyone to PostmarketOS, we _just_ need an alternative OS for at least the ones who are willing to play with it.

> it. First we need a base of early adopters that are willing to use it despite the drawbacks.

That didn't work that well for Linux, though. It's still a very niche OS even on desktop.

What you're saying already existed. Linux on a smartphone was called Android. It ended up where it is today. If you were to somehow make another Linux on a smartphone competitor, it too would end up where Android is today, for the same reasons.

This is just not true. Google has been directing the development of Android to maximize their profits. Without such incentive, it won't be repeated.

Also, please stop with security nihilism, https://news.ycombinator.com/item?id=27897975

The current cyber security zeitgeist is to only allow "trusted" devices in your SSO flow and to also shove your VPN authentication on that SSO flow which includes even third party browsers not working. Only Chrome with a managed profile is even allowed to log in. That pretty much means if you're not using a most recent version of iOS or Android you're SOL for using it for work.

And good luck spoofing it these days 'cause they are usually backed by hardware-backed TPM encryption. Which is why Windows 11 only installs if there's a TPM 2.0 device detected.

It's become super dystopian in the past 10 years and I don't see it changing.

Always thankful that I got to live through the wild West days because that's going away.

I don't argue that the problem isn't serious. I just want to say that giving up is not the solution. I use a GNU/Linux phone and refuse any banks or services that don't work there. Yes, it's challenging and I have to make compromises because of it. Such is life.

Having a rooted Android 11 phone for years was never a problem. My bank apps worked just fine. Even for work stuff (usually). It's on the personal side where I actually started to value having a virtual credit card on my phone with Google Pay or Apple Pay. The stack to enable that securely is only on Android and iOS and there's nothing else out there that has that. Open source community needs a full stack for attesting biometric sensors, storing secrets, and pushing them out through NFC and doing it properly is a lot.

Seconded. The NFC payment feature is useful on mobile in a way that generic "online banking" just isn't IMO. In the same category are transit apps, ride-hailing apps, social messaging, and a (very) few others. The problem is that payment really does require a secure stack, as you describe.

I prefer to use an actual credit card, in order to keep the control over my computing in my hands.

Indeed, I do too. But since you always need at least one backup means of payment, I keep a second virtual card on mobile for that. Which alas is a very convenient solution.

Why can't you have two plastic cards from two different banks?

I find that cards are a PITA, mainly because they're always expiring and I tend to change physical address a lot.

Why postmarketOS and not Mobian?

idk, I was just giving a name for "Linux but not Android on a smartphone".

It's called GNU/Linux.

> It's called GNU/Linux.

The overwhelming majority of users call it "Linux" and don't care what the operating system's pronouns are.

Many Linux systems are running today without GNU coreutils or userland.

It's time to stop posting this flame bait.

This isn't flame bait. GNU is exactly what's different between GNU/Linux and Android. So say it when it's the point.

> "just use a second phone" cannot be the answer

It is the best answer at the moment. You can keep an absolute basic phone with all the banking and such apps loaded and nothing else. You treat it like an appliance. Your daily driver will be separate and can be running PostmarketOS or LineageOS etc.

There are several benefits off the top of my head:

1. Since you only install banking/govt type apps on your "important" phone, it stays more secure vs. putting your random game app along with the banking app on the same phone.

2. When you upgrade your daily driver, you don't need to deal with tons of re-auth steps for banking/govt apps.

3. Your daily driver can be customized to the nth degree because the pesky banking app won't be on it to refuse login because, say, you turned on developer options or rooted the phone.

4. You can even leave the basic phone at home for extra safety, if you wish, without affecting your daily driver.

5. You can root your daily driver and put as much adblocking setup as you want to boost your privacy. Your basic phone won't have enough activity outside banking/govt. to build much of a profile.

There's just one problem: increasingly, everything that makes a phone a "daily driver" is the thing that can only work on the "important" phone. Banking/finance, government services, commerce, work, communications (thanks a lot E2EE), and DRM-ed entertainment - all the major players here are locking their software down and relying on remote attestation to ensure their locks stay shut.

With this being the trend, you're already more likely to leave what you called "daily driver" phone home, and only take the "important" one with you.

Still waiting for someone to make a tiny token sized phone. Unfortunately the smallest around, Unihertz Atom, is both outdated and too low resolution for some apps to work.

Been doing this for years. Old phone for testing apps and running servers

All the Google stuff is disabled, open source Contacts app,^1 no Google Play Services, no access to remote DNS, NetGuard for application firewall and port forwarding, with computer I control as gateway.

1. Have yet to find any other app that can access contacts when storing them this way, even Meta's biggest Trojans

Meanwhile, new phone, "important phone", stays offline. Wifi off. Location off. path?.xtracloud.net blocked. Phone is used for texting and phone calls, no internet access

The "banking app" argument, i.e., either install a custom ROM or give up or submit to surveillance, is a false dichotomy. There are other options

I don't use a phone for internet banking, I use a computer I can control; there is no "banking app" (talk about high risk, geez)

The "banking app" problem is a common refrain on HN but in the real world I know many people who do not use a phone for internet banking

Mobile OS just suck. It's like being forced to use MS Windows

It might actually be a better environmental decision, if instead of buying a new second phone, it is instead about keeping an existing phone in use and not adding to the burning heaps of e-waste. Given the rising popularity of refurbished phones, not to mention the lower costs, it might actually be the opposite of what you claim, at least on those grounds.

And for the rest, well, "just works" for what? With a little time and effort, it may even get to the point where the "just works" part is a siloed unit like a SIM card that is just installed to the device, making it opt-in and user owned...

> "just use a second phone" cannot be the answer

Not that I want to kick the can down the road, but the ultimate solution (barring actually fighting for our privileges over the systems we buy) is to have that second phone, and control it either via VNC, or via a KVM which presents VNC. I know, it's really absurd, complexity wise, what with tunneling and figuring out where to house said setup. However, the latter is ultimately transparent to the phone, outside of allowing a second monitor/HID to be connected to it. You could, given a VNC client, then go ahead and control it via laptop or another phone.

It's not a solution because VNC is already nerfed and will be the first thing to go, if people try to embrace the idea.

Providers of all the service types aren't driving this because they believe locked down phones are a Good Thing. They're driving this because they explicitly don't want you to do the very things you'd want to do with your VNC idea.

Which is exactly my point: once you apply these workarounds, you don't need a smartphone anymore.

Also: both banks and governments are pushing for 2FA with a mobile device being the primary, and in some cases the only, accepted second factor source.

As for the ATM: to use the ATM I need a bank card, to use the bank card I need a PIN. What do you think all the local banks have chosen as their secure channel for communicating that PIN to users in the last few years?

For bank apps, you can just use their website