A really big surprise following the creation of my second profile on my GrapheneOS, which I created explicitly to have a Google environment where I could keep bank apps segregated. So, I removed bank apps and Google Play Store on main profile, created 2nd profile, installed Google Play Store on 2nd profile, then installed the bank app, which I successfully logged onto the first time. The second time it locked me out saying that my account was blocked. I called the bank and they said I have malware and I need to hard reset my phone and reinstall. I’m not telling them what my real setup is because they won’t understand. I wonder why the bank app thinks I have malware if I only have Google Play Store, the bank app and WhatsApp on my second profile?

Just sharing my day to day experience where I try to pursue privacy but I get screwed by the system. If you don’t give up all your data, your life is made difficult. That is why people choose convenience and don’t question too much. It’s hassle free. How do we get out of this messed up system?

  • monovergent@lemmy.ml
    17 upvotes · 10 days ago

    What a shitty banking app. The malware explanation could just be customer service boilerplate. They might have just implemented some commercial fingerprinting/analysis/security library in the app that freaked out at the minimal fingerprint of the GrapheneOS profile and defaulted to locking you out.

    As individuals, we need to continue defending and advocating for our privacy - using privacy-respecting phones and software even if it’s difficult and organize against surveillance capitalism, or at least donate to existing advocacy groups. And the developers that make privacy-respecting alternatives more accessible. Not much of an easy way out since we’re up against Big Tech on a profoundly uneven playing field.

    But for immediate issues like this, I would get a cheap separate phone with regular Android to handle the app if the bank doesn’t offer the same services through a browser. Try to keep it on an isolated network and only power it on when necessary.

  • shortwavesurfer@lemmy.zip
    12 upvotes · 10 days ago

    I stopped using banking apps altogether in favor of using the website instead.

    My previous bank would not allow me to do everything from the website that I could do from the app which is why they are now my previous bank and not my current bank, LOL.

    • trilobite@lemmy.mlOP
      4 upvotes · 10 days ago

      The problem is that many banks are using mobile phones as 2FA devices and they don’t allow other means. I asked why I couldn’t go back to SMS as 2FA and they said that they deem it to be insecure.

      • MonkderVierte@lemmy.zip
        1 upvote · 7 days ago

        Nope. It’s a certificate Google only gives, if you meet conditions like Chrome, Maps, YouTube as main apps and some app shortcuts on launcher. Which in turn allows to install Play Store and to call it Android.

        The same thing is AOSP, which vendors and LineageOS & co. build their ROM from.

        • ReversalHatchery@beehaw.org
          1 upvote · 6 days ago

          What you speak of is certified Android. But a vendor can sell Android phones (not certified) without Google services, and that is Android.

          • MonkderVierte@lemmy.zip
            1 upvote · 6 days ago

            Nope, they can’t call it Android then. Hard to google nowadays but there were legal cases in the past, I think with Amazon too? And Google got in trouble with the EU, because they got too far and required for the cert that no devices by the same vendor are allowed other operating systems.

  • solrize@lemmy.ml
    6 upvotes · 10 days ago

    I’ve managed to avoid banking apps altogether but I know they often want you to be running stock Android, no rooting or whatever. There is a retail app that I sometimes use but I relegate it to a burner phone. If I had to run a banking app with any regularity, I’d probably do the same thing.

    • trilobite@lemmy.mlOP
      3 upvotes · 10 days ago

      Yes, I’ve been thinking about a burner phone but difficult to find pay as you go sims these days here. You end up in some form of contract. There you go … You want privacy, you have to pay for it. Wtf! We’ll soon be screwed altogether. They’ll soon ban non-stock ROMs too … Not long till this happens …

      • solrize@lemmy.ml
        7 upvotes · 10 days ago

        I don’t have working cell service in my burner phone at all right now. I just use my regular phone as a wifi hotspot and run the retail app on the burner. But tello.com has some low cost pay-as-you-go plans. They are a T-mobile MVNO and are supposedly ok. I’m on a redpocket monthly plan and am fairly happy with it despite horrible reports about them in the past. Look at r/nocontract on spezzit for more ideas.

        • trilobite@lemmy.mlOP
          2 upvotes · 10 days ago

          Good shout. I hadn’t thought of the hotspot option although I wanted to relegate WhatsApp to the burner phone as I just use it for kids’ school.