It seems to me that part of the problem is overreliance on phones as computing devices. A lot of things, like banking, are best done on an actual computer. We have become too dependent on phones.
Maybe we have this view because when we refer to computers we see a more open ecosystem that’s not found in the mobile phone era. I want that same liberty with my phone.
When the word “sideloading” has disappeared, I think then we have known something has changed.
We as a society should be rethinking the term “security”, if it’s come to mean submitting to being jerked around however best suits some private company’s interests instead of our own. If there’s a central platform for its security benefit it should be democratically controlled instead of controlled by what are effectively feudal lords, or perhaps even an occupying force
The security I am talking about has nothing to do with being locked down. Linux could easily implement the same, but it probably never will, because it requires a bit of central management and vision. And Linux really struggles with that.
Yeah, I was the one mentioning QubesOS. Since I tried it and didn’t last a week because of how bad the user experience was. I am not a CIA spy, I am looking for a balance of security and usability and android is amazing at that. Sure, some things could be more secure. Sure, I can’t do some things because GrapheneOS can’t be rooted. But the balance is excellent. At least for me.
I’m not sure how it works the way where you live but where I live, the way the banking apps are implemented completely violate MFA. They rely on SMS verification which is absurd since if you’re phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
The desktop and phone are both insecure, proper security should not have all your eggs in one basket.
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 linux devices. MFA is not some ultimate solutions and it is a pain to use.
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No but it’s way better than it is right now.
So what is the case for most users? Are normal android phones getting compromised (in a way true 2FA would help) often enough it is an issue? I honestly haven’t seen any statistic regarding this and anecdotally I don’t know anyone whose internet banking was compromised. Whether on phone or desktop.
Yep I absolutely refuse to put any banking apps on my phone. The only thing that has access to my bank is me physically going there or logging into their website via my own computer. Fuck any app that asks for access to my bank account including autopay services thorugh third parties.
The only third party serive I use for payments is paypal and that only goes to my credit card.
It seems to me that part of the problem is overreliance on phones as computing devices. A lot of things, like banking, are best done on an actual computer. We have become too dependent on phones.
Maybe we have this view because when we refer to computers we see a more open ecosystem that’s not found in the mobile phone era. I want that same liberty with my phone. When the word “sideloading” has disappeared, I think then we have known something has changed.
no it’s not. takes me 2 seconds to log in into my banking up in my phone. anything basic will take a few taps to do (eg transfer money).
Your phone has likely much better security for your banking apps than your computer, unless you run really niche setup like QubesOS.
We as a society should be rethinking the term “security”, if it’s come to mean submitting to being jerked around however best suits some private company’s interests instead of our own. If there’s a central platform for its security benefit it should be democratically controlled instead of controlled by what are effectively feudal lords, or perhaps even an occupying force
The security I am talking about has nothing to do with being locked down. Linux could easily implement the same, but it probably never will, because it requires a bit of central management and vision. And Linux really struggles with that.
You’re responding downthread of QubesOS being mentioned
Sure it’s hard to get that kind of security onto mainstream distros. But it exists.
Yeah, I was the one mentioning QubesOS. Since I tried it and didn’t last a week because of how bad the user experience was. I am not a CIA spy, I am looking for a balance of security and usability and android is amazing at that. Sure, some things could be more secure. Sure, I can’t do some things because GrapheneOS can’t be rooted. But the balance is excellent. At least for me.
You say “security” I say “a bug that won’t let me log in”. Which is it?
I’m not sure how it works the way where you live but where I live, the way the banking apps are implemented completely violate MFA. They rely on SMS verification which is absurd since if you’re phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
The desktop and phone are both insecure, proper security should not have all your eggs in one basket.
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 linux devices. MFA is not some ultimate solutions and it is a pain to use.
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No but it’s way better than it is right now.
So what is the case for most users? Are normal android phones getting compromised (in a way true 2FA would help) often enough it is an issue? I honestly haven’t seen any statistic regarding this and anecdotally I don’t know anyone whose internet banking was compromised. Whether on phone or desktop.
Yeah, SIM swaps are a concern too.
The phone is not insecure because of all eggs on basket.
Which is the point. Why do we need this security when the most virus riden PC can access my banking website.
That’s a good point, time to ban banking websites and only allow people with locked-down phones to bank.
Yeah but it’s “we” as in everyone not “we” as in “Lemmy commenters”.
So the network effect will keep the average person on a locked-down phone that can’t run anything anti-regime
Yep I absolutely refuse to put any banking apps on my phone. The only thing that has access to my bank is me physically going there or logging into their website via my own computer. Fuck any app that asks for access to my bank account including autopay services thorugh third parties.
The only third party serive I use for payments is paypal and that only goes to my credit card.
Yeah guess what happens when access starts to be app-only?