linuxmemes

20483 readers

967 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

1018

Why don't banks like root on Android? (lemmy.world)

submitted 4 months ago by [email protected] to c/[email protected]

188 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 78 points 4 months ago (14 children)

Because they want to "protect" you from "yourself". Imagine, you could scrape your own data that you can already see.

I'd be really worried if the security of server operation for my bank depended on the client-side. But playing devils advocate, some people will most likely point out that a root exploit on a phone may be unintentional and used to spy on people, to which I answer:

show me a big scary box where I can "accept the risk" and move on
keep in mind that if I am root on my phone, I can hide the fact that I am root on my phone and you'll be none the wiser

Currently, option 2 is in effect, sadly.

[+] [email protected] -9 points 4 months ago* (last edited 4 months ago) (6 children)

You deftly evaded the leading attack vector: social engineering. Root access means any app installed could potentially access sensitive banking. People really are sheep and need to be protected from themselves, in information security just like in anywhere else.

You don't get a "accept the risk" button because people don't actually take responsibility, or will click on those things without understanding the risk. Dunning Kruger at play.

Why is this prevalent on Android but not desktop Linux? Most likely a combination of 1) Google made it trivially easy to turn on, and 2) the market share of Android is significantly large enough to make it a problem warranting a solution.

The fact that you know how to circumvent it is inconsequential to the math above. Spoiler: you never were nor ever will be the demographic for these products, in their design, testing, and feature prioritisation.

[–] [email protected] 19 points 4 months ago (5 children)

Root access means any app installed could potentially access sensitive banking

That's not how it work. Having a rooted phone does not turn it into a digital farwest were every application can do anything. It becomes a permission like everything else; if you only grant it to safe stuff (like, for example, not granting root to a single app but using it to customize your phone through ADB), there's not much to see here.

[–] [email protected] 6 points 4 months ago

In fact, it can be better: having root means you can arrange additional 'firewalls' between apps and your data , or omit/falsify sensor data the the banking app should not need, that the Google is unwilling to implement.

load more comments (4 replies)

load more comments (11 replies)