Are these non Google non Apple phones viable any more?
Considering you almost can't do banking, and in some places interact with the government, without a locked down phone...
They will be able to do banking at least once the legislators tear down the walled gardens in a sensible way. Are the security benefits from the Appstore/Playstore real or security theatre?
I'm pretty sure that, if there are security benefits, they have been artificially tied to the use of the company's distribution method, that coincidentally really needs to be sending usage statistics, monitoring, etc. Surely there exist no conflicts of interest to be found.
Fifteen years ago I used to do mobile pentests for banks, and when we could not find anything significant for the reports we could always count on “lack of rooting detection” and pin the risk on some vague mobile banking malware threat pushed by marketing. I am sorry I contributed to this nonsense.
100% security theater, and here we are.
It's understandable; I would maybe expect to undergo an extra step in verification for a sensitive app like, "we noticed this is the first time you are using this system that is not locked down; please type in the token we have mailed you".
But locking users out (which may not directly be the bank's fault for relying on OS's security APIs) seems anti-competitive.
Would you bet your company on that happening soon? :)
Ha! Well, not right now! Previous to the last year or so, this wouldn't have escalated to the current situation where we're actively having to be wary of fending off Big Brother or blatant power grabs.
However, given that we're talking about a European phone, I'm willing to bet that this type of effort goes hand in hand with decoupling from American-backed services (at least for those who've seen the writing on the wall and understand the risk to their sovereignty if they put all their eggs on an American basket).
A similar question could be asked of the banks too.
Looks like the Swedish BankID at the very least actually does work on Sailfish[1]!
Not sure about equivalent apps for other regions, but I don't see why they shouldn't work.
[1] https://forum.sailfishos.org/t/swedish-bank-id-swish/11781/3
They are European, certainly the Euros could come up with some regulation to force banks etc to support a Euro phone. I’d actually welcome this as more competition is better and we can’t seem to kill the duopoly here in the US.
I just switched to a Fairphone 5 with e/OS, which is a de-googled Android (it uses microG), and am pleasantly surprised how well everything works. My banking apps work, contacts and calendar lived on Nextcloud already, the learning apps I use work. The two things I have to get used to are not having Google Maps, but the map app on there has also worked fine for me so far. And casting to a Chromecast doesn't really work for me, but I can live without that.
If you want, we can ritually bury your Chromecast? I'll bring the marshmallows, spiders, and the Necronomicon. Oh, and two of my old Chromecasts, rotting in a drawer.
Yes but will you speak the exact words?
If you don't expect Google Pay / Apple Pay to work? Yes. There's a thread on the SFOS forums dedicated to this [1].
[1] https://forum.sailfishos.org/t/banking-apps-on-sailfish-os/1...
AFAIK there is an Android compatibility layer, but I don't know if it allows banking apps to work.
It would not in principle; those rely on hardware-backed keys with Google's latest iteration of Google Play Integrity. The only success people have had is by using leaked vendor keys and spoofing device fingerprints for old A11-era devices which did not have the hardware baked in. In time even this avenue will no longer work. People have been trying to get around it for a while [1], but AFAIK the concept is cryptographically airtight.
[1] https://xdaforums.com/t/discussion-the-root-and-mod-hiding-f...
My banking app works fine on a rooted phone that I don't bother faking a proper Play Integrity signature for. Except for a warning about the phone being rooted when setting it up, of course. I'm not 100% sure what happens when you have integrity and lose it by rooting your phone, but I imagine the bank app will log you out.
Bank apps only stop working because banks decided they know better than you.
Unfortunately my bank also switched to Google Pay which does require Play Integrity, so contactless payments are out of the question on that phone now. Maybe if Wero compatible terminals extend support for QR payments I could use my bank app again on that phone.
Maybe I'm out of the loop but what is everyone doing with banking apps on their phones that's so essential. I see this argument all the time but it's baffling to me.
I have several hockey leagues and pick up sessions that only take payment via Venmo; prior to league or the session starting. Makes it way easier than going around to everybody in the locker room trying to round up cash.
I also use it for a few vendors for some small payments I make every month for my studio.
I don't use them a lot and I know some people that use them for 90-95% of the stuff they do which is crazy to me like yourself. I try and limit my use of the apps to as little as possible. Whatever works for people I guess.
For quite many banks a mobile phone is now the only 2FA they support.
So glad my brokerage supports good old totp.
Or worse.
My bank closed down their old online banking site and the new one needs the phone for 2FA... but ... drumroll ...
... the idiots also want me to keep using the token device to log in before approving the log in via my phone.
Security theater.
So switch the bank? Worked for me.
I'm doing the research ofc. Have other things to look for besides not being dependent on a phone so it will take a bit.
MFA largely, some banks also provide wallets for contactless payments.
I refuse to have my browser fingerprinted as a "trusted device" because part my bank is just bad at it.
Paying for things? Transferring money? What else do you do with a bank account?
If we were rational creatures we might choose to do such things while seated at home in front of a comfortably sized screen, rather than squinting at a pocket gadget on a street corner.
The vast majority of people on this site can afford a couple hundred dollars for a basic Android phone that's used only for tasks like that, and as a bonus it's safer than having banking apps on your main phone. Anyone who isn't willing to spend a couple hundred bucks on the freedom to run whatever software they want on their phone probably doesn't consider software freedom a priority anyway.
Absolutely, and the cheapest Android phones are actually around $100.
You are allowed to have more than one cell phone.
If you use it without the compatibility layer it's probably on the same level as a KaiOS phone. There is a lot of slop on the Sailfish store.