We as a society should be rethinking the term “security”, if it’s come to mean submitting to being jerked around however best suits some private company’s interests instead of our own. If there’s a central platform for its security benefit it should be democratically controlled instead of controlled by what are effectively feudal lords, or perhaps even an occupying force
The security I am talking about has nothing to do with being locked down. Linux could easily implement the same, but it probably never will, because it requires a bit of central management and vision. And Linux really struggles with that.
Yeah, I was the one mentioning QubesOS. Since I tried it and didn’t last a week because of how bad the user experience was. I am not a CIA spy, I am looking for a balance of security and usability and android is amazing at that. Sure, some things could be more secure. Sure, I can’t do some things because GrapheneOS can’t be rooted. But the balance is excellent. At least for me.
I’m not sure how it works the way where you live but where I live, the way the banking apps are implemented completely violate MFA. They rely on SMS verification which is absurd since if you’re phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
The desktop and phone are both insecure, proper security should not have all your eggs in one basket.
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 linux devices. MFA is not some ultimate solutions and it is a pain to use.
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No but it’s way better than it is right now.
So what is the case for most users? Are normal android phones getting compromised (in a way true 2FA would help) often enough it is an issue? I honestly haven’t seen any statistic regarding this and anecdotally I don’t know anyone whose internet banking was compromised. Whether on phone or desktop.
Your phone has likely much better security for your banking apps than your computer, unless you run really niche setup like QubesOS.
We as a society should be rethinking the term “security”, if it’s come to mean submitting to being jerked around however best suits some private company’s interests instead of our own. If there’s a central platform for its security benefit it should be democratically controlled instead of controlled by what are effectively feudal lords, or perhaps even an occupying force
The security I am talking about has nothing to do with being locked down. Linux could easily implement the same, but it probably never will, because it requires a bit of central management and vision. And Linux really struggles with that.
You’re responding downthread of QubesOS being mentioned
Sure it’s hard to get that kind of security onto mainstream distros. But it exists.
Yeah, I was the one mentioning QubesOS. Since I tried it and didn’t last a week because of how bad the user experience was. I am not a CIA spy, I am looking for a balance of security and usability and android is amazing at that. Sure, some things could be more secure. Sure, I can’t do some things because GrapheneOS can’t be rooted. But the balance is excellent. At least for me.
You say “security” I say “a bug that won’t let me log in”. Which is it?
I’m not sure how it works the way where you live but where I live, the way the banking apps are implemented completely violate MFA. They rely on SMS verification which is absurd since if you’re phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
The desktop and phone are both insecure, proper security should not have all your eggs in one basket.
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 linux devices. MFA is not some ultimate solutions and it is a pain to use.
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No but it’s way better than it is right now.
So what is the case for most users? Are normal android phones getting compromised (in a way true 2FA would help) often enough it is an issue? I honestly haven’t seen any statistic regarding this and anecdotally I don’t know anyone whose internet banking was compromised. Whether on phone or desktop.
Yeah, SIM swaps are a concern too.
The phone is not insecure because of all eggs on basket.
Which is the point. Why do we need this security when the most virus riden PC can access my banking website.
That’s a good point, time to ban banking websites and only allow people with locked-down phones to bank.