
Make phone Google free. More features here https://grapheneos.org/features


So I’m guessing with this you’d use an alternative store like F-Droid instead of the Play Store? (Pardon my ignorance, I’m an iOS dev and have been for a decade; I don’t really know the Android landscape.)


No, not necessarily.

The project officially develops secure, private access to the Play Store and its apps. My interpretation is that the project's authors prefer users to use the secure Play Store implementation over alternatives like Aurora, even if Aurora works fine.

https://grapheneos.org/faq#google-services


This is also a big part of the special sauce that GrapheneOS offers. I haven't seen the Play Services sandboxing built into any other OS.


> So I’m guessing with this you’d use an alternative store like F-Droid instead of the Play Store?

Not necessarily, but that's the best way to do it. Between apps from F-Droid and a browser, you don't need any apps from the play store. Your bank doesn't have an app on F-Droid you might say? Well that's what the browser is for.


Ha. Your example is rather specific seeming to me, as I actually work on one of the big 5 Canadian banking iOS apps here in Toronto.

For obvious reasons, we don’t ship to alternate stores. Even if such a thing as iOS sideloading existed, we wouldn’t support it, and we of course do not support anything but the Play Store on Android.

It’s obviously partly a support cost issue - there would be less than 1% of our millions of users using F-Droid, etc. - and, more importantly, it’s a security and support issue.

I think for a while we even had some sort of check that would detect a jailbroken iPhone or rooted Android device and attempt to refuse to run on them. Security is so far above the #1 priority working in banking it’s insane. We’d never consider anything outside of Apple or Google’s official solutions. We actually have real-life contacts at Apple to help address specific security or approval concerns, which is practically unheard of.


Security in banking apps in the U.S. is an absolute joke. I'm glad to hear Canada takes it more seriously.

I've used everything from giant multinational banks to local credit unions in the U.S., and none of them will even let me sign in with U2F. Many of them still have password character limits.


> rooted Android device

(I'm sure I'm missing the obvious here) but why are you happy to have customers log in using a browser on a device they fully control, yet not do the same using your app on a device they fully control?


The obvious answer is that they're not happy about it, but that browsers don't give them the access necessary to detect whether the device running said browser is rooted (let alone do anything about it), so they can't pretend they know better about my own device's security than I do.


> I think for a while we even had some sort of check that would detect a jailbroken iPhone or rooted Android device and attempted to refuse to run on them.

Your uncertainty about this suggests it's not something you decided, but please let anyone involved in making decisions like that know that's a dick move. It's the user's device, not the bank's.


Oh, I certainly have absolutely no control over those types of decisions. I'm a soldier, not a general, I just do what I'm told, tbh.


F-Droid has some issues

https://privsec.dev/posts/android/f-droid-security-issues/

You can use Aurora Store with an anonymous account or just use Google Play with a throwaway Google account.


Don't bank apps complain if the phone is rooted or runs anything other than a stock OS?


There's a list of bank apps which are and aren't compatible with GrapheneOS

https://privsec.dev/posts/android/banking-applications-compa...


Erm, why would you ever want an app for your bank on your mobile phone? So that when you get mugged, it can turn into a kidnapping?

I use some bank apps because they're quicker than the websites. But I do this with a cheap Nexus 7 tablet that stays at home with a label saying "full take" stuck to the top to remind me to not trust it with any sensitive information.

Segregating apps onto different devices is the way to go to protect yourself from corporate malware.


> Erm, why would you ever want an app for your bank on your mobile phone?

To easily check balances and make transfers wherever I am. This is possible without the app, but the app makes it easier/quicker than the mobile site in most cases.

> So that when you get mugged, it can turn into a kidnapping?

How do you suggest a mugger find out whether such an app is even installed, let alone do anything about it, in this day and age of full-device encryption being the default? Even assuming a mugger somehow has access to the nation-state-level compute resources and exploit tools necessary to gain access to anything on my phone, by the time the mugger has finished using said tools and compute resources, I'll have already changed my passwords and invalidated existing login sessions.

Also, kidnapping involves considerably more effort and risk than mugging, so this is a weird argument in general. The vast majority of people with both smartphones and bank accounts almost certainly have banking apps installed on their phones, and I know of precisely zero cases of muggers deciding "oh you have a banking app? lemme go find my windowless van and kidnap you, drawing considerably more attention to me and giving you considerably more reason to violently defend yourself instead of cooperating; surely nothing will backfire from that, no siree!".

Muggers quite frankly don't give a flying fuck about the apps on your phone. They want your cash and/or whatever they can quickly fence.

> Segregating apps onto different devices is the way to go to protect yourself from corporate malware.

Having firmware that gives you fine-grained app permissions that you can freely grant/revoke also accomplishes this. If apps on the Play Store are subverting that, then banking apps are probably the least of your worries.


> How do you suggest a mugger find out whether such an app is even installed, let alone do anything about it, in this day and age of full-device encryption being the default?

They make you do it, the same way they made you give them the device in the first place.

I don't know why anyone thinks it would turn into a kidnapping, but it's pretty easy for someone who has already forced you to give them your phone to use the same technique to force you to unlock it.


What I'm getting at is that attempting to escalate a mugging beyond "I point a gun/knife at you, you give me stuff, I get away as fast as physically possible, I fence the stuff you gave me as soon as possible" introduces a lot more risks than what most muggers are willing to bear. Things get hairy very quickly the moment either the mugger or muggee deviates from that script - and forcing the muggee to unlock a mugged device is a rather drastic deviation, especially when the muggee can just as quickly call the police or reboot the phone or otherwise introduce yet more risk for the mugger on top of the existing risk from prolonging the duration of the mugging.

Same deal with home burglaries. No burglar in one's right mind is going to give the slightest iota of a rodent's anus about the possibility of there being a Bitcoin wallet and SSH keys on your laptop; most burglaries are smash-and-grab, and are intended specifically to minimize the amount of time spent inside the victim's home. Every second adds risk of complications; unless the burglar is targeting you specifically and knows ahead of time exactly which devices might have valuable data, it's in said burglar's best interests to take the laptop and run rather than spend precious seconds (or worse: minutes) "persuading" you to unlock it.


You can also just have multiple banks and then choose one of them to be the account where you put your 'working money', i.e. an amount that you can afford to lose. This way you still get the convenience of having a bank app (quick payments, transfers & stuff), but not the risk of losing it all.


Doesn't this risk also apply to, like, carrying cash or even a debit card too close to an ATM? :/

I just don't see this as enough of a risk to be concerned about it, maybe it depends on where you live.


There are also FOSS front-ends for Google Play such as Aurora Store

