Hello all!
I have a situation and I was curious what other people recommend me do.
I have a Pixel 8a with GrapheneOS on it and have setup a separate user profile to have work stuff and my banking app on. At the moment my bank doesn’t have a web interface, it exclusively uses the phone app to do everything. (apparently they’ll be releasing the web version of the app next month but I have no other extra information on how it will work or whatever)
I’ve noticed that periodically they do some kind of scan that ends up blocking me from using the banking app (it locks it down with an alert that says something along the lines of: “your device might be rooted and compromised”).
First time this happened I had to call them up and they sent me from one department to another and 2 days later I had access back in the app. Now this happened again (3 weeks since the first time) and I’m gonna have to call them up again.
My question is, should I buy a cheap android phone (I’ve been looking at the Moto E15) and lug it around just for banking and occasionally for the microsoft authenticator for work? Is this a common thing that people with a similar issue do? Should I just wait for the web app (problem with that is that all internet purchases have to be confirmed via the stupid app and idk how that will be handled when the web app rolls out)?
Sorry if this is the wrong place to ask this and thanks in advance to those who take the time to reply! 🙏😅
That’s impossible in the EU, they all do by law.
Ah good ol’ EU once again contributing to the Apple/Google duopoly.
They aren’t forced to lock them down, or prescribe any app store afaik. That’s the banks that do. Some lock it down, some not at all. But you’ll need some form of 2 factor “photoTAN” app. Unfortunately, common 2fa codes aren’t used (or allowed), I think this legislation is actually older than them becoming common.
And that’s quite all, they also offer hardware token generators. Not sure if they are required to, but i think so. You do have to pay for them once (20 or 30 bucks maybe?). In reality, this is somewhat impractical for a variety of reasons…
The app store ain’t the problem, it’s the apps themselves (and most likely Play Integrity shenanigans)
Those hardware generators you mentioned have been around for at least 30 years. A TOTP app is just software that does the same thing as those hardware generators.
I’m aware, but you’re not getting the secret token that you’d need to put into your TOTP app. At least not that I know of. I also haven’t checked in a very long time if there are open source reimplementations of the photoTAN apps. They all got their own flavors, but it’s also just a slight variation on a theme (initialize app with qr-like secret, then scan a similar code as a challenge/response using that secret to generate token). Probably should check that at some point.
Damn, if you’re not joking, my day is ruined.