this post was submitted on 29 Sep 2025
462 points (99.8% liked)

Android

[–] hessenjunge@discuss.tchncs.de 59 points 3 days ago (6 children)

I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.

[–] lka1988@lemmy.dbzer0.com 2 points 2 days ago

That sounds extremely inconvenient. Individual apps for 2FA? No thanks. I'm good with KeePass and Aegis, both open source, encrypted, and don't require any extra hardware.

[–] AmbiguousProps@lemmy.today 16 points 3 days ago* (last edited 3 days ago) (1 children)

That's insane, I have never heard of such a thing, but I'm in the US where most banks don't even have non-sms second factor.

[–] LainTrain@lemmy.dbzer0.com 10 points 3 days ago* (last edited 3 days ago) (1 children)

That's crazy. Yeah in the rest of the world you can't do shit on a bank website, it's mostly just view only, and the rest is via the app. If it lets you do anything at all, it'll require 2FA via the app.

You can transfer money from a savings account with one bank to another account with another bank just via tapping said bank account icon in the app, like you don't even need the BIC/IBAN/AccNo/Name or any details, it knows where to go just because you have the app of the other bank, all you do is tap the icon.

I'm not even sure you can withdraw the money from the savings account without having the app of the target bank installed on the phone, signed into the target account.

Same way you can add a card to Google Pay by just tapping a button in the bank app, no details or anything required.

Frankly I don't even know where any one of my bank cards are, I remember for a good while I had a credit card that I didn't actually have physically because when you open the credit card account (which requires extra checks compared to what is default - debit cards) they don't bother to ship the physical thing to you unless you explicitly ask for it (via an option in the app), since most people just use it only via Google Pay because everywhere is cashless and uses only NFC.

I didn't realize at first but it meant that my "card" didn't even have a PIN, because there was no way to physically have it, any large transactions are authorized in the app, everything else, including IRL is implicitly authorized by me unlocking my phone with my fingerprint, which is required to make NFC payments on Android. I think with Apple phones it's required to open the app but for me since 2018 it's been muscle memory to tap the fingerprint reader and slap the phone on the NFC reader on anything from the tube to the dodgy corner shop.

To get the actual card details it's a relatively hidden submenu in the app, to add to Google pay is a giant button on the card icon in the app.

Convenient as hell but the sheer amount of privacy violations involved and info that must be gathered about the phone to do this in a compliant fashion makes me shudder.

[–] Cassanderer@thelemmy.club 9 points 3 days ago (1 children)

Not so convenient when one loses their phone or service. Then get locked out of everything.

[–] LainTrain@lemmy.dbzer0.com 3 points 1 day ago

Yeah, happened to me. I tried to go to one of the bank locations but they not so subtly told me to fuck off and call their customer service instead if for some reason I couldn't use the 'in-app help menu'. The entire concept of me losing access to it seemed alien to them, as if I was born into the app or some shit, idk how much they pay those ghouls to stand there and gaslight folks like that but I sure hope it's a lot.

To restore it I had to call them and turned out I needed to know some kind of extra hidden secret "telephone banking" password after fighting past 10 people who could barely speak English. I didn't know it ofc and like an hour later I was able to prove who I was.

[–] nathan@piefed.alphapuggle.dev 7 points 3 days ago

In America, we're lucky if our bank supports 2fa, let alone require an app for it

[–] pinball_wizard@lemmy.zip 0 points 1 day ago (1 children)

Dang. Y'all need to pick better credit unions. MFA rolling token is an open standard. Any single app can support all of my (correctly implemented) tokens. I prefer Aegis, but they (correctly implemented MFA apps) all work.

I don't want to trust my money to someone who can't implement standards compliant MFA.

That would scare the daylights out of me.

[–] hessenjunge@discuss.tchncs.de 3 points 16 hours ago (1 children)

Well, they have had a kind of 2FA for at least 30 years, long before rolling tokens were all over the place. Their latest implementations are as simple to use as Steam 2FA. If a bank isn’t able to implement a proper 2FA login there’s a ton of other security issues to worry about. Lastly, I think by using their own implementation/app they prevent their customers from using compromised apps.

[–] pinball_wizard@lemmy.zip 1 points 9 hours ago* (last edited 9 hours ago) (1 children)

> If a bank isn’t able to implement a proper 2FA login there’s a ton of other security issues to worry about.

Exactly. Any organization whose MFA doesn't work on Aegis, I take action to protect myself from their incompetence.

> Lastly, I think by using their own implementation/app they prevent their customers from using compromised apps.

I'm sure they claim that. But I still recognize it as simple incompetence. They aren't able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.

Y'all are welcome to risk your money there. It's probably insured anyway, right?

For me, that's too much risk. Even if insurance makes me whole, getting robbed is a huge pain.

[–] hessenjunge@discuss.tchncs.de 1 points 7 hours ago* (last edited 7 hours ago)

> Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.

That'll surely end their business. /s

> I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.

Just out of curiosity: What percentage of the population is capable of running Graphene/Aegis? What percentage, regardless of capability, is willing to do so?

Creators of popular OSS regularly warn about downloading their stuff elsewhere or paying for it. How do you think that would apply to any 2FA application?

Now think of how stupid the average person is, and realize half of them are stupider than that. (love some George Carlin). Given that even (very) stupid people have and need bank accounts: How would you implement an authentication that can't easily be compromised to rip off stupid people?*

* Let's just assume that you, the lead developer, are not at all "incompetent", quite the opposite. Also take into consideration that you need to keep cost down (hint: That means you want no one to call support because of 3rd party applications!).

[–] missphant@lemmy.blahaj.zone 7 points 3 days ago (1 children)

I've been using a dedicated TAN generator for banking since I first made my account but I don't doubt that's going away at some point, since debit cards from the same bank already require an app for 3-D secure.

[–] LainTrain@lemmy.dbzer0.com 1 points 11 hours ago

That's not it, the TAN and 3-D Secure are different components to the 2FA required to access the bank account.

[–] eleitl@lemmy.zip 4 points 3 days ago (1 children)

No, hardware TAN generators work fine. If the bank wants to force me to use proprietary snake oil it's time for a new bank. Or using a dedicated old smartphone just for the app.

[–] LainTrain@lemmy.dbzer0.com 1 points 11 hours ago (1 children)

Good luck, there are no other alternatives.

[–] eleitl@lemmy.zip 1 points 10 hours ago

Consors bank so far is an alternative. NFC cards, hardware TAN generators, app not forcing use of proprietary OSses. LineageOS is fine, need to check GOS.