• SavvyWolf
    link
    fedilink
    English
    2418 months ago

    They 100% would stop you if they could.

    It’s why Google’s website DRM thing was so scary.

      • @[email protected]
        link
        fedilink
        898 months ago

        Basically Google wanted to put checksums in webpages and then not render the page period if the checksum didn’t match and said checksum could only be verified by “approved” browsers that had the correct certificate (which surprise was Chromium only browsers such as Chrome and probably Edge). As such you wouldn’t have been able to run any adblockers as that would change the checksum and the way the page was rendered. They could also then go one step further and do a Denouvo type set up to make sure the OS wasn’t being altered.

        • @[email protected]
          link
          fedilink
          488 months ago

          Super useful technology for security purposes!

          Super scary technology for literally everything else.

        • @[email protected]
          link
          fedilink
          228 months ago

          Yes, I know about what they attempted (actually published some of it already in an official repo).

          But why you talk in past tense? Have they reverted the changes and publicly pinky-promised not to do it?

      • SavvyWolf
        link
        fedilink
        English
        138 months ago

        Okay, so I originally was going to go in a long rant about how they’re still doing it, but decided that it didn’t really add much to the comment, so removed it.

        Afaik they’ve, for now at least, shelved it in browsers, but are still going ahead in Android webviews (as part of their war on Youtube Vanced).

        • @[email protected]
          link
          fedilink
          8
          edit-2
          8 months ago

          i guess they will probably try again with a new name later when the dust settles. can never trust them.

          what about android webviews, i thought it isnt related to vanced? how do they plan to kill vanced this time?

  • @[email protected]
    link
    fedilink
    1408 months ago

    I actually heard something about that in class not long ago

    The story is that Android’s security heavily relies on the compartmentalization of apps that lives in the android layer, over the Linux kernel. Apparently, that functionality works in part because only this layer can perform operations that require root access, no app or user can. So software that allows you to root your phone apparently breaks this requirement, and makes the whole OS insecure. He even heavily implied that one should never root their phone with ‘free’ software found on the internet because that was usually a front for some nefarious shit regarding your data.

    I’m just parroting a half-understood and half-remebered speech from a security expert. His credentials were impressive but I have no ability to judge that critically, if anyone knows more about this feel free to correct me.

    • @[email protected]
      link
      fedilink
      738 months ago

      Isn’t saying that allowing apps to have root lets them access anything just describing what root is? A rooted phone doesn’t have to give superuser access to every app.

      • @[email protected]
        link
        fedilink
        288 months ago

        A rooted phone doesn’t have to give superuser access to every app.

        Sure, but apps that run as superuser can access anything, including the data and memory for banking apps. A big part of Android’s security model is that each app runs as a different user and can’t touch data that’s exclusively owned by another user.

        • @[email protected]
          link
          fedilink
          348 months ago

          It just means you need to trust apps that you give root access to, or only give elevated privileges during the very specific times when apps need them. Root isn’t something people who don’t know what they’re doing should be messing around with, I guess. But I’d think a lot of people who root their phone know and accept the risks.

          • @[email protected]
            link
            fedilink
            17
            edit-2
            8 months ago

            People like you or I may know what we’re doing with a rooted device, but I think the issue for the banks is that they can’t guarantee that someone with a rooted phone knows what they’re doing or isn’t using a malicious app, so they have to be cautious and block all rooted phones.

            An app that requires root may look like a normal app but it could be a trojan that modifies banking apps in the background (eg patches them on disk or in RAM so transfers done through the app go to a different recipient). There’s been malicious apps in the Play Store in the past, and rooted apps have way less oversight - some are literally just APK files attached to XDA-Developers posts or random blog sites.

            • @[email protected]
              link
              fedilink
              118 months ago

              I take your point, and I’m sure you’re right about the banks’ rationale, but in my own view it does not seem like it should be the banks’ decision to make.

              • @[email protected]
                link
                fedilink
                88 months ago

                As soon as a bank offers any sort of fraud protection, though, security becomes a bank issue (in addition to a “you” issue).

                Not at all saying I agree with the banks on this, but I think that may be part of the thinking.

                • @[email protected]
                  link
                  fedilink
                  28 months ago

                  This is a good point. The bank needs to do as much as they can to reduce fraud risk, and they’ve probably found some correlation between rooted phones and a higher likelihood of fraudulent transactions. Some banks block VPNs for a similar reason - when logging in from a VPN, it’s harder for them to tell that it’s actually you vs if it’s an attacker that uses the same VPN service as you.

              • @[email protected]
                link
                fedilink
                18 months ago

                Your risk exposure is that you could lose your bank account balance. The banks risk exposure is that they could lose every bank account balance exploited by the same rooted phone vulnerability. So they evaluate risk differently than you do.

            • sepi
              link
              fedilink
              2
              edit-2
              8 months ago

              bro I gave my nana root on her eye phone and by the end of the week she had hacked half of North Korea - the other half thought her actions were a good example of juche ideals. It was crazy ngl

      • @[email protected]
        link
        fedilink
        88 months ago

        I think he was trying to say apps get access to “root features” through an abstraction layer/API calls that is controlled.

        They don’t/wouldn’t have carte blanche root access to the underlying system. It’s kinda like a docker container or VM or flatpaks/snap packages on Linux. They are sandboxed from everything else and have to be given explicit premission to do certain things(anything that would need root privileges/hardware access).

    • @[email protected]
      link
      fedilink
      538 months ago

      I wouldn’t even feel compelled to root my phones if Google would actually back up my phone instead of whatever 1/4 baked shit they’ve done thus far.

      • @[email protected]
        link
        fedilink
        English
        38 months ago

        I’ve been using android since 2010, and it’s gotten significantly better over the years. There’s only a few things it doesn’t back up, like text messages and app data, most of which you don’t need.

        • @[email protected]
          link
          fedilink
          188 months ago

          Mine backs up my text messages, but I would prefer to backup my app data, authenticators, wallpaper, themes, games, etc., not every app is a shitty front-end to a website.

        • @[email protected]
          link
          fedilink
          English
          58 months ago

          It is not Android that is backing up most things though, it is mostly done by Google Services. That means that your data is effectively vendor locked-in if you want to use Android as an actual open source project. Google gutting the AOSP to this extent should be illegal (maybe even is, but might is right).

    • @[email protected]
      link
      fedilink
      38 months ago

      The problem is very simple - the majority of people are technically illiterate. Apple and Google saw the Windows XP security fiasco, looked at how many people use smart phones today and decided that giving users any rights is not worth the risk.

  • @[email protected]
    link
    fedilink
    808 months ago

    Because they want to “protect” you from “yourself”. Imagine, you could scrape your own data that you can already see.

    I’d be really worried if the security of server operation for my bank depended on the client-side. But playing devils advocate, some people will most likely point out that a root exploit on a phone may be unintentional and used to spy on people, to which I answer:

    • show me a big scary box where I can “accept the risk” and move on
    • keep in mind that if I am root on my phone, I can hide the fact that I am root on my phone and you’ll be none the wiser

    Currently, option 2 is in effect, sadly.

    • @[email protected]
      link
      fedilink
      218 months ago

      The issue with option one is that scammers get old (or not technical) people to do stuff when they don’t know what they’re doing and click the box not knowing what they just did. So yes very frequently they need to protect people from themselves because they’re dumb, but I still expect banks to do business with those dumb people, sooo… Option 2 it is.

        • @[email protected]
          link
          fedilink
          158 months ago

          That’s where this part becomes relevant

          a root exploit on a phone may be unintentional and used to spy on people

        • @[email protected]
          link
          fedilink
          58 months ago

          I think I just figured it out, hang on with me.

          It’d be the tech literate person in the family. The nephew that’s working as a programmer or something like that. Now, if that nephew has some interest in stealing their uncles money, they now have access to their bank account through a freely rooted phone.

          This gives them a lot of options, which I don’t have to explain.

          Given that a lot of scams actually happen between presumed family and friends…

          Yeah I kinda get why banks are doing this

    • @[email protected]
      link
      fedilink
      5
      edit-2
      8 months ago

      You deftly evaded the leading attack vector: social engineering. Root access means any app installed could potentially access sensitive banking. People really are sheep and need to be protected from themselves, in information security just like in anywhere else.

      You don’t get a “accept the risk” button because people don’t actually take responsibility, or will click on those things without understanding the risk. Dunning Kruger at play.

      Why is this prevalent on Android but not desktop Linux? Most likely a combination of 1) Google made it trivially easy to turn on, and 2) the market share of Android is significantly large enough to make it a problem warranting a solution.

      The fact that you know how to circumvent it is inconsequential to the math above. Spoiler: you never were nor ever will be the demographic for these products, in their design, testing, and feature prioritisation.

      • @[email protected]
        link
        fedilink
        208 months ago

        Root access means any app installed could potentially access sensitive banking

        That’s not how it work. Having a rooted phone does not turn it into a digital farwest were every application can do anything. It becomes a permission like everything else; if you only grant it to safe stuff (like, for example, not granting root to a single app but using it to customize your phone through ADB), there’s not much to see here.

        • @[email protected]
          link
          fedilink
          58 months ago

          In fact, it can be better: having root means you can arrange additional ‘firewalls’ between apps and your data , or omit/falsify sensor data the the banking app should not need, that the Google is unwilling to implement.

        • @[email protected]
          link
          fedilink
          18 months ago

          The word “potentially” was critical in the parent’s comment. A banking app cannot be assured that other apps are prevented from accessing its data when the phone is rooted.

          • @[email protected]
            link
            fedilink
            28 months ago

            So? If I, the customer, want to access my banking info, on my phone, with whatever means I want, I should be able to. As I said, it’s not like every app gets root access, if I, as the owner of the device, explicitly gave root access to something, it’s for a reason.

            And the main point that a rooted phone can basically hide itself from any app remains; these “detections” are trivially bypassed in the exact situation they’re supposed to detect.

            • @[email protected]
              link
              fedilink
              18 months ago

              And if you don’t want to wear a mask on your face during a pandemic, you should be able to? Not everything is about you.

              Banks practice defense in depth as other security practitioners do. Not every defense will stop every attack, so a layered, overlapping approach is used.

              • @[email protected]
                link
                fedilink
                28 months ago

                You really are missing the point that if the device is rooted there is nothing an app can do to protect itself. Defense in depth is layering (sometimes overlapping) solutions that do something. Detecting root and saying “nuh-uh” is not doing anything.

      • @[email protected]
        link
        fedilink
        98 months ago

        As long as we’ll have control over the software, it’ll be there. If we reach the point were you’re not allowed to own computers, we’ll have bigger problem.

  • UnfortunateShort
    link
    fedilink
    63
    edit-2
    8 months ago

    The reason is very simple: They rely on Google Safetynet (basically self-diagnosis). And that will immediately tell you off if it notices your device is rooted. And while you can have a lengthy discussion regarding whether this makes your phone less secure or not, this is another simple argument from Google’s POV: The device has obviously been tampered with, we don’t want to put any resources into covering this case. As far as we are concerned, you shouldn’t use our OS like this.

    So basically laziness.

    • @[email protected]
      link
      fedilink
      128 months ago

      SafetyNet is dead.

      They rely on Play Integrity API.

      That covers:

      App Binary signatures App source corroboration - Was it actually installed from the Play Store? Android device attestation - Is it a genuine device powered by Google Play Services Malware detection - Google Play Protect is enabled and has not seen known malware signatures.

      They can choose to ignore any number of those but they do not. It’s part of their security reporting requirements to use attestation I expect.

      Beyond that - a device that doesn’t meet Play Integrity is more likely to be a malicious actor than it is to be a tech enthusiast with a rooted phone: One of them is far more prevalent than the other in terms of device usage.

      Android apps are trivial to reverse engineer, inject code into and generally manipulate. That lets apps like ReVanced work the way they do… but that also means that blue team developers have a lot more work to do to protect app code.

      Source - Android App Developer, worked on apps with high level security audits (like banking apps).

    • Chewy
      link
      fedilink
      10
      edit-2
      8 months ago

      The banking apps I’ve tried don’t require SafetyNet, instead they use Android AOSP’s basicIntegrity. The latter doesn’t require certification by Google, but also checks whether the device is rooted and the bootloader is locked.

      This means custom ROM’s on most devices won’t pass basicIntegrity, as only Google Pixel, OnePlus and Fairphone allow for relocking the bootloader.

      • Max-P
        link
        fedilink
        68 months ago

        OnePlus no longer supports that as of ColorOS OxygenOS 12 unfortunately.

        • Chewy
          link
          fedilink
          2
          edit-2
          8 months ago

          That’s a bummer. Seems like Google Pixel and Fairphone are the only ones left. I don’t even know why manufacturers wouldn’t allow for relocking or even unlocking of their phones. I can’t imagine they make much money with user data and the phone is already paid for. Warranty claims shouldn’t be much of an issue either, as modifications can be easily detected and it’s likely not a relevant amount of people anyway.

          • @[email protected]
            link
            fedilink
            English
            68 months ago

            As I understand it, the stated purpose is to prevent supply chain attacks and ultimately possible damage to their brand. In practice many of these same vendors ship their own spyware and do not want it removed.

  • @[email protected]
    link
    fedilink
    618 months ago

    Banks when you use browser 3 years of updates behind on Windows XP with multiple unpatched CPU vulnerabilities:

  • kbal
    link
    fedilink
    608 months ago

    Google and Apple have been very successful at convincing everyone, including banks, to see the idea of users having control over their own phone-like computers as dangerous.

    • I Cast Fist
      link
      fedilink
      68 months ago

      Next thing you know, banks will try to convince its clients that they really don’t need to access all their money.

  • @[email protected]
    link
    fedilink
    598 months ago

    Because as per usual they don’t understand security. I have started choosing my bank based on software they have. If software looks competent, that’s my most significant influence.

    They think rooted device = insecure device, but at the same time PC is even less secure and yet all the business users use them and more to the point have passwords written on a sticky note glued to the screen. My old bank at one point “upgraded” their software system and then started asking me for weird characters in password and then asked for maximum length which was the final sin I allowed them to commit. Left them that week.

    • lemmyvore
      link
      fedilink
      English
      308 months ago

      My bank keeps their app up to date with all the latest anti-root stuff but allows passwords made of 5 digits. ¯\_(ツ)_/¯

        • @[email protected]
          link
          fedilink
          English
          108 months ago

          Unless they’ve changed it very recently, Wells Fargo’s passwords are case insensitive

          • @[email protected]
            link
            fedilink
            68 months ago

            Air Canada’s online account system required a 6 character password, which was secretly converted via T9 to 6 numbers on the back end, meaning “aaaaaa” and “bbbbbb” were effectively the same password, and this was only fixed in 2018

            • @[email protected]
              link
              fedilink
              28 months ago

              That sounds like someone who topped out with highschool level programming tried to implement a hash algorithm.

              • @[email protected]
                link
                fedilink
                48 months ago

                My personal theory is that it’s a remnant of an old system that was only accessible by phone (hence the 6 digit pin), and they simply grafted an online component on top of it

        • @[email protected]
          link
          fedilink
          58 months ago

          Any service that limits maximum length of the password means they are not hashing them. Which is a scary proposition, especially for such a huge service.

            • @[email protected]
              link
              fedilink
              28 months ago

              It’s possible that limit is either gone or vestige from a bygone age and they are hashing passwords properly now. Either way they do seem like they take security seriously.

    • @[email protected]
      link
      fedilink
      198 months ago

      You’re better off with random different passwords for each service written on a sticky note than using the same password/email combofor multiple accounts.

      • lemmyvore
        link
        fedilink
        English
        88 months ago

        I mean, you’re comparing very different scenarios.

        If one account gets broken into and their password hashing was crap, the attacker can try the email/password combo with other services and can stumble onto another one you use.

        If someone has access to your sticky note they have all your accounts.

        I don’t think I’d call either of them better.

        Of course, all this assumes no second auth factor.

        • @[email protected]
          link
          fedilink
          48 months ago

          If someone has access to your sticky note they’re already in your house, and that’s a bigger issue IMO… even from an itsec perspective, once the attacker has physical access to guarantee safety is difficult.

          But seriously, there’s a guy in your house.

          • lemmyvore
            link
            fedilink
            English
            3
            edit-2
            8 months ago

            But seriously, there’s a guy in your house.

            My house is not a prison… yes, other people come over. There’s the occasional party, handymen doing work, neighbors, parents of kids from school, kids sleeping over, and so on. It doesn’t have to be the ninjas breaking in.

            If you don’t casually keep wads of cash in the open around the house you probably shouldn’t have logins on a post-it either. But to be fair the kind of person that does the latter does the former too.

            • @[email protected]
              link
              fedilink
              18 months ago

              If I know they are there then I either supervise visitors or trust them to not rummage/take my stuff. If that is your issue then keep your postit in a drawer; most people don’t keep their yubikeys in a securely bolted safe either.

        • @[email protected]
          link
          fedilink
          18 months ago

          Just shift the password descriptions a few spots compared to the passwords, then you’ll get email about failed logins as a canary.

  • pacoboyd
    link
    fedilink
    59
    edit-2
    8 months ago

    Let’s be real here. Folks running Linux as thier desktop have a high chance of knowing what they are actually doing. Folks with rooted android phones have a high chance of having watched a 12 year old tell them how to root thier phone on TicTok. Which of these groups is participating in the more risky activity?

    • @[email protected]
      link
      fedilink
      25
      edit-2
      8 months ago

      This is the real problem.

      Far too many people with rooted phones having no business with a rooted phone, installing whatever from wherever with no regard to the security implications.

      At least people with root on a Linux system, by default, are going to be more knowledgeable in that regard.

    • @[email protected]
      link
      fedilink
      238 months ago

      12 year old tell them how to root thier phone on TicTok

      The real pros learn from Indian guys on Youtube

      • pacoboyd
        link
        fedilink
        13
        edit-2
        8 months ago

        Can’t tell if this is serious question or not, but for the end user. Lemmy is a bit of a technical microcosm, so while we might not want protection from ourselves, the MAJORITY of people out there are not technically savvy. So while not everyone has a linux workstation (lets assume 2-3% based on some reporting) Android has an approximate 70% worldwide market share. So that means the VAST majority of people running Android probably can’t be trusted to plug in a toaster correctly. This is the same reason there are guiderails on roads with steep embankments.

    • @[email protected]M
      link
      fedilink
      English
      4
      edit-2
      8 months ago

      The last time I rooted my phone, I used a sketchy app I downloaded from megaupload (man, I’m getting old) that may or may not have given that phone superherpes. You are not wrong.

    • Anna
      link
      fedilink
      38 months ago

      But what about those of us who are running degoogled GrapheneOS.

      • pacoboyd
        link
        fedilink
        58 months ago

        I think you probably fall into that 3% I talked about in my other comment. I bet you know how to block apps from detecting root too, so probably not a good faith argument.

    • @[email protected]
      link
      fedilink
      2
      edit-2
      8 months ago

      maybe it’s just me, but isn’t it quite hard (at least for people not confident doing technical stuff) to root a phone?

      like a decade ago the bootloader may have been unlocked by default and for many phones there were exploits so that they could be rooted with an app, but nowadays you would have to:

      • unlock the bootloader by installing ADB and fastboot drivers, booting into download mode and run terminal commands that would reset your phone in the process; and for some phones, you would also need to shorten a test point and for quite a few of them nowadays, unlocking the bootloader is impossible
      • boot into download mode and flash a custom recovery with fastboot or potentially with Odin or some other proprietary software (or sometimes you can root from download mode)
        • for some newer (including Samsung) phones, you also need to disable dm-verity otherwise your phone wouldn’t be able to boot into Android
      • boot into recovery mode and finally flash (probably Magisk) an image to root the system

      I guess there are usually detailed instructions for this, but I doubt that most people rooting their phones now would be non-techie people who are just watching generic online tutorials. they would most likely stumble upon XDA or other forums that would have proper instructions. and even then, they are not very beginners friendly as they aren’t usually supposed to be followed by people with little to no experience with using the command-line, drivers, how Android phones work internally, etc.

      • pacoboyd
        link
        fedilink
        18 months ago

        Making my point for me. Those short form videos have very little chance of being right or accurate. They may have you going to some sketchy link and download and app that is supposed to do it for you etc etc.

        My point is the people at risk don’t know they are participating in a risky activity. (not if they successfully rooted their phone or not).

        • @[email protected]
          link
          fedilink
          1
          edit-2
          8 months ago

          ah, okay, that’s fair. in terms of short-form social media that tries to engage you, I’d expect little warning and for children especially to take more risks when encountering this type of content.

          Folks with rooted android phones have a high chance of having watched a 12 year old tell them how to root their phone on TicTok.

          I was more focused on this, though, because this sentence implied that you could successfully root your phone with short-form, likely phone-generic tutorials when the process nowadays is much more difficult and technical

    • YAMAPIKARIYA
      link
      fedilink
      28 months ago

      I unrooted my phone because Google making things harder every time was just not worth the benefit to me anymore.

  • @[email protected]
    link
    fedilink
    54
    edit-2
    8 months ago

    I was once working for a project in a bank, a developer answered me to why they go app only, because “you don’t know what people do with their browser”.

    It’s only about the feeling of control (and some paranoia), not about security.

    • @[email protected]
      link
      fedilink
      English
      17
      edit-2
      8 months ago

      What I find interesting is that my bank has kind of the opposite stance. It allows you to do a lot more things if you login via their website and I think they overall trust your actions more if you do it over the browser, but you are required to pass a lot more security checks, while on the app a PIN is enough, but it also doesn’t allow you to do as much.

  • @[email protected]
    link
    fedilink
    548 months ago

    Does your bank have a Linux application? Of course not, you’re using the website. So why not use the website on your phone?

    • @[email protected]OP
      link
      fedilink
      338 months ago

      Most of the mobile sites I visited seemed to have only one goal, to get you to use the app and the mobile interface is often so bad that you’d better use the app

      • 520
        link
        fedilink
        38 months ago

        And desktop mode doesn’t help?

        • @[email protected]
          link
          fedilink
          118 months ago

          In the EU you have to verify your identity every time you log into your bank. You either need a physical token or you can use a mobile app to verify it’s really you

          • @[email protected]
            link
            fedilink
            38 months ago

            No, you don’t. That’s your bank or maybe an Italy thing, but I can login without providing anything beyond my username and password. I do need to use an app to authorise transactions, but not for logging in and viewing my account balance or transaction history, pending transfers, etc.

        • JackbyDev
          link
          fedilink
          English
          38 months ago

          If you don’t have a smart phone, how are you going to use a mobile website?

          • @[email protected]
            link
            fedilink
            38 months ago

            Why do I need to use a mobile website? I guess the comment I replied to was meaning they require their app for mobile banking vs browser which I should have realized

            • JackbyDev
              link
              fedilink
              English
              58 months ago

              The comment is deleted now but it said something like “I’ll tell the bank I don’t have a smart phone so I can’t use the app” implying this would force the bank to allow them to use a mobile website.

              • @[email protected]
                link
                fedilink
                18 months ago

                What I misunderstood was what the bank required an app for, in my very sick and sleep deprived mind I thought they were saying banks required you to install their app to get service from that bank in any form which I thought was absurd, but that doesn’t seem to be the case.

                • JackbyDev
                  link
                  fedilink
                  English
                  28 months ago

                  Ohhhh, I see. Yeah, that is not the case anywhere I know of. Also, I hope you feel better soon tocopherol

  • unalivejoy
    link
    fedilink
    English
    508 months ago

    It’s not just root. They would prefer you not to have a custom keyboard either.

    • 520
      link
      fedilink
      22
      edit-2
      8 months ago

      That’s actually got a solid reason behind it.

      It’s because the OSK is just another program as far as Android is concerned. It can’t directly look into the application, per Android specifications, but it CAN record key presses, even for passwords. It even receives context hints based on the metadata on the input box, so it knows when you’re putting in a password. Then it can send your data off to unknown servers.

        • 520
          link
          fedilink
          68 months ago

          That it is, but at least it’s not sending your card details to me.

          • @[email protected]
            link
            fedilink
            48 months ago

            Yeah but why it’s sending details at all. There are FOSS options which are completely radio silent. Some password managers come with their own board.

  • @[email protected]
    link
    fedilink
    46
    edit-2
    8 months ago

    I can’t believe I’m saying this, but thank God my country developers are incompetent.

    I was greeted with this message:“This app can’t be used on a rooted device” And I was prepared to go through hoops to get it to work. you know, fucking safetynet and all. But it turns out that the solution was just enabling zygist on Magisk.

    • @[email protected]
      link
      fedilink
      98 months ago

      Same, hiding root from my bank app was easy, no safetynet needed.

      But their NFC phone payment was something else. I had to use safetynet and google play integrity fix with fingerprint that need to be renewed and other bullshit. I sent my phone in a boot loop too because the latest version had a bug for my specific phone …

    • ☭ SaltyIceteaMaker ☭
      link
      fedilink
      98 months ago

      My bank app had this and i had to go through quite a lot of hoops. Then i didn’t have root for a while (new phone) and when i got root again i also only needed to enable zygist for it to work. So i guess they changed it?

      • 520
        link
        fedilink
        10
        edit-2
        8 months ago

        Zygist is a way of hiding the fact that you have root access . Likely your bank changed absolutely nothing.

    • LiveLM
      link
      fedilink
      English
      18 months ago

      Lmao, same.
      I am both happy and slightly worried. Hapied?

  • @[email protected]
    link
    fedilink
    418 months ago

    My bank doesn’t know for some reason. I don’t even pass (as femme but that’s not relevant) safetynet, but it doesn’t seem to care. Sadly can’t pay with my phone or watch tho

  • @[email protected]
    link
    fedilink
    388 months ago

    It’s the banking equivalent of turning your device off for aircraft take off and landing.

    If you keep doing stupid shit for long enough you can turn it into a religion. Huge profits will follow. It’s also why the unexamined life is no life at all.

  • @[email protected]
    link
    fedilink
    348 months ago

    Btw, have you guys heard of Taler? It’s pretty interesting and I think you will be able to use it with a libre app

    NGI TALER is a pilot funded by the European Commission and the Swiss State with the very concrete objective to roll out a new, best-in-class electronic payment system that benefits everyone: people, merchants, banks, financial authorities, auditors and anti-corruption researchers. The project doesn’t have to start from scratch either, but builds on the strong foundations of GNU Taler — the privacy-preserving digital payment system developed by the GNU community and Taler Systems SA with support from the NGI initiative. This offers privacy for those that make payments, while enforcing transparency on those that sell. By providing micro payments at very low overhead, GNU Taler permits internet business models to shift away from advertising revenue or subscription models, especially for online publishers. No-risk transactions can lower transaction fees and open online payments for the underbanked population and citizens marginalized from digitalisation.

    https://nlnet.nl/taler/

    • @[email protected]
      link
      fedilink
      5
      edit-2
      8 months ago

      I tried reading the website, but Im not really sure I get it. What it’s supoosed to be? A way how to make FIAT payments thats open-sourced and private (so you dont have to pay stupid fees to banks), and it integrates into the current banking system, or is it some kind of digital currency that’s not blockchain based?

      If it’s the former - isnt any kind of payment without KYC almost impossible, since its heavily regulated? So, you can’t really have private payments in environment where there’s stupid amount of laws about how much you can actually pay without it being identifiable, for example the super small monthly limit on anonymous prepaid debit cards?

      • @[email protected]
        link
        fedilink
        38 months ago

        Oh, I see. Oh well.

        Can I send money to my friends with Taler? Taler supports push and pull payments between wallets (also known as peer-to-peer payments). While the payment appears to be directly between wallets, technically the operation is intermediated by the payment service provider which will typically be legally required to identify the recipient of the funds before allowing the transaction to complete.

        • @[email protected]
          link
          fedilink
          38 months ago

          Your bank already knows who you are, but with Taler you will be able to make payments using libre software and the bank won’t be able to track them. I guess if you send money to a friend, their bank will know they received the transaction, but won’t know who it was from. At least that’s my understanding.

      • @[email protected]
        link
        fedilink
        38 months ago

        It’s not a currency - just a new payment system, but I don’t know how it works exactly. In order to make payments with it, your bank has to support it. Some banks are working on integrating it now. It’s supposed to be anonymous and the transaction history is supposed to be private. Currently only cryptocurrency has such features, but it looks like Taler will change that.

      • @[email protected]
        link
        fedilink
        38 months ago

        I played around with GNU Taler a while back. The payer is anonymous but verifiable (so I can’t pay with the same €3 ten times to ten people) but the recipient is known and the payment connected with the recipient, to satisfy avoiding tax evasion and fraud.

        It still anticipates merchants taking some fee, but that fee should be able to be much less, as it doesn’t depend on Blockchain (requiring so much work) but is a suitable cryptographic algorithm so 3rd party merchants can compete.