this post was submitted on 08 Aug 2024
98 points (98.0% liked)


Banking apps seem to be a motif among things that don't play well with privacy ROMs. My bank's website does everything I could want out of it. I think I might be ignorant to something.

  • What about banking apps is especially compelling?
  • How often do banks put must-have features behind an app?
  • And should I be concerned that banks might move away from offering services through browsers?
[–] [email protected] 30 points 3 months ago (1 children)

Notifications and Mobile Deposit are the 2 features from banking apps that I find compelling.

[–] [email protected] 16 points 3 months ago (5 children)

Can't do anything about mobile deposits, but for notifications, you could get the notifications emailed to you and your email app has push notifications.

[–] [email protected] 4 points 3 months ago (2 children)

I mean, they could offer it through the browser. All modern browsers have more than enough hooks and permissions control to do something as simple as take a couple pictures and make a basic request to a back end.

Though making nice things costs money, so...

[–] [email protected] 4 points 3 months ago

Oh, of course they could do so, but they won't do it because they want you to use their app. They want you to use their app because they control it and can mine data from it more so than on a web browser. Take Chime, for example. It has all kinds of Google trackers in it.

[–] [email protected] 3 points 3 months ago (1 children)

Bold of you to assume my email app has push notifications

  • A sad Proton user using a de-Googled device
[–] [email protected] 2 points 3 months ago (1 children)

Depends on the bank and what kind of notifications you want.
Some banks only allow certain types of notifications to occur through the app.

[–] [email protected] 14 points 3 months ago (1 children)

It's a must for me. My phone is my primary day-to-day computer, so I need to be able to do everything from that. Unfortunately that is also why I'm not using GrapheneOS, because our government 2FA system doesn't work in GrapheneOS (even with Play services installed) so it's impossible to do anything. I can't check anything WRT banking, schools, taxes, daycare, doctor's appointments, hospital records or change anything that requires the involvement of city hall, including checking digital mail from the municipality or government. It's basically not possible to function in our society without it.

[–] [email protected] 3 points 3 months ago (2 children)

Out of curiosity, what do older citizens do? Like those in their 80s? Many here do not have a smart phone or mobile.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago) (2 children)

For banking and other official business, they have to go physically. If their bank has no physical department near them well then it sucks to be them. For digital mail you can apply for exemption and you will get physical letters.

You can order a digital code generator so you don't need the app if you still want 2FA for digital handling. But I don't want to have to carry that with me; it would be a significant inconvenience for me.

[–] [email protected] 3 points 3 months ago (1 children)
[–] [email protected] 4 points 3 months ago

Wow, that is pretty hostile to the elderly. Imagine those who struggle to get about? Excluding them from society.

[–] [email protected] 14 points 3 months ago

My bank's app has way less functionality than the web version, but it's used as a second factor to auth some operations, so I have to use both.

[–] [email protected] 13 points 3 months ago (2 children)

Depends on the country. I'm teaching in Thailand and here you can't do any banking through a browser. You can only use the bank's official app and you don't even have a login/password for it, you have to go to the bank and activate the app in person as a foreigner (I think Thai citizens can do it online but foreigners have to do it in person). Nobody takes actual cards for the payment and you pay everywhere by scanning QR codes which has to be done through the app. If you buy a new phone you have to activate the app again at the bank's office. It's really annoying and the reason I probably can't go with GrapheneOS or any other custom roms because the bank app is absolutely essential.

[–] [email protected] 5 points 3 months ago (2 children)

Is using cash impossible in daily life instead? It is hard to imagine for me that a smartphone may be outright required for daily life...

[–] [email protected] 2 points 3 months ago

Oh yes this QR code bullshit drives me nuts back home too

[–] [email protected] 11 points 3 months ago

Mobile check deposit is the only thing I want from my bank's app.

I'm running LineageOS with Magisk and Play Integrity Fix. That works for my bank's app, but I'm annoyed that they make me do it and gave their app a 1-star review on Google Play for it.

[–] [email protected] 10 points 3 months ago (2 children)

I don't like smartphones and won't use apps for anything important.

[–] [email protected] 9 points 3 months ago

Apparently US apps suck since our system is a dinosaur.

[–] [email protected] 9 points 3 months ago

Usually not worth it, the website usually has everything.

I've been surprised by how many banking apps I've seen that don't require SafetyNet or Google services (I thought basically all of them would require it). Some banks' websites don't work very well on mobile, so that's some people's reasoning.

[–] [email protected] 8 points 3 months ago (2 children)

Cashing checks and zelle are the big ones

[–] [email protected] 5 points 3 months ago (2 children)

Zelle is sketchy even when compared to other cash transfer apps. They do a lot of freezing people's money. Don't use them if you have any other option.

[–] [email protected] 4 points 3 months ago

I use Zelle almost exclusively for my business and I have never had an issue with it.

[–] [email protected] 2 points 3 months ago

Do you have some examples?

[–] [email protected] 3 points 3 months ago

Same here, mobile check deposit and Zelle are literally the only things I've ever needed a bank app for.

I used to never use Zelle for anything but too many friends/family want to use some sort of app for exchanging money & that's usually what we settle on. And my old landlord wanted rent paid via Zelle so that was another thing that forced me to install a bank app for Zelle purposes.

Mobile check deposit is a requirement when dealing with a bank without any locations nearby. In practice I only need to use that once a year or so, checks are kind of rare nowadays unless you're a business owner with clients/customers paying with checks.

[–] [email protected] 7 points 3 months ago

Never used them and I likely never will

[–] [email protected] 7 points 3 months ago* (last edited 3 months ago) (2 children)

In Finland, extremely.

The banks here provide digital ID verification online. You use it to log into tax services, the national health-care database, to apply for schools, other education-related stuff, apply for welfare, register trade names... etc. The list goes on and on.

Stuff you'd otherwise have to personally visit or mail documents to offices of various government institutions for, can be done extremely smoothly online.

With my bank, the app is used for one of the verification steps. When verifying your identity online, you need to authorize the login from the app by entering a PIN from memory when prompted. There are alternatives but this is by far the most convenient.

The same banking app also notifies me the second any money comes into or leaves any of my accounts. No transactions can occur without my knowing. It lets me know when I receive my pay, or when an electronic invoice comes in (power, phone bills, etc. come right into the app), gets automatically paid, or when explicit authorization is needed due to one being irregular.

Most of the services my bank provides can be accessed via browser, but the stuff above is the kind you can't achieve in a browser.

Honestly, OP Pohjola's app is so feature-rich I've been able to pretty much set it up to run my finances for me. All I do is keep an eye on my accounts to make sure things are going right.

[–] brb 2 points 3 months ago

Can confirm. On top of all that, the app is way more intuitive to use than the website.

[–] [email protected] 2 points 3 months ago (1 children)

I remember when I got here it was a nightmare for the first few months when I didn't have strong auth. It took several months to open a bank account and you basically can't do anything without that stuff

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago)

Pretty much. Helping my grandmother deal with misplacing or forgetting her login details has been hell a couple times.

It's extremely convenient when you just go about your life with it already on hand, but for obvious reasons the security measures are extreme and it's a pain to set up or recover your ID.

[–] [email protected] 7 points 3 months ago

My bank doesn't have a website and it makes me want to kill them.

It's crazy that it's even legal to only have an app

[–] [email protected] 6 points 3 months ago

Depositing checks is about the only useful thing I've seen on my local bank's app, but that only matters if you do business stuff with people who pay with checks.

[–] [email protected] 6 points 3 months ago* (last edited 3 months ago)

I don't use them. Web banking works completely fine for me. Back when I did use them, though, I always used them on privacy ROMs/GOS specifically. Went through 4 different banks and all their apps worked fine for me on GrapheneOS. No Google Play services either.

[–] [email protected] 5 points 3 months ago

My bank's 2FA works only via their app or via SMS. For SMS I would have to pay per each received SMS.

The app perfectly works without safetynet, with microG, rooted with magisk but hidden by zygisk, so I'm lucky. At one update they added a popup at start after login about asking to add my card to Google Wallet (or whatever it's called nowadays), and it's not implemented in MicroG, so I can't open it since that version. I just downgraded to the last working version and blacklisted its upgrades in Aurora, and I hope they won't block my old version in the near future.

It's a very progressive small local bank, I will contact them about this issue if they block my old version to make that dialog optional.

[–] [email protected] 4 points 3 months ago

My bank only has an app, no website option, but luckily it works just fine on GrapheneOS with no Google Play. I barely use it anyway as I pay cash everywhere possible

[–] [email protected] 4 points 3 months ago (2 children)

2FA must be done through the damn app. It's TOTP (six digit) but locked behind god knows what. I asked for alternatives and they looked at me like I was a caveman.

[–] [email protected] 3 points 3 months ago

That would tempt me to dump a backup with adb and rifle through the app data to find the seed

[–] [email protected] 2 points 3 months ago

When they give you that QR code for the 2FA app, print it out and file it away. That is the seed.

[–] [email protected] 4 points 3 months ago

I've never used a banking app and I do quite a bit of business with multiple banks.

[–] [email protected] 4 points 3 months ago

I just use the progressive web app on phone, works fine for my bank

[–] [email protected] 4 points 3 months ago

I don't use them and haven't missed them. I see one of my local branches has ripped out its outdoor ATMs though. Wonder if that's related to moving stuff to apps.

[–] [email protected] 3 points 3 months ago

I've never used a mobile banking app. Been using smartphones since they became generally available. I don't need any payment apps and I generally don't do anything important on my cellphone except for communications.

[–] [email protected] 3 points 3 months ago (1 children)

Website here is awful. Paste is disabled, it’s not optimized for mobile, it’s a PitA to use, & there is literally code to check if the user is running Netscape Navigator 4. The site has a weird encoding that doesn’t allow English punctuation, & to change your email or phone number requires physical documents, ID, & a wait period. The app is poorly coded & doesn’t work if you have root, are running a custom ROM, (& likely if you don’t have Google services)—so I do just use the site. …But if we are being real, I actually always keep cash on me & cash is preferred so while the problem is still relevant, needing the app/site isn’t dire.

What is really missing for my country on the site is QR code scanning for bank-to-bank transfers that a lot of vendors use & to do some bill payment. For instance, while I could set up the electric bill to auto-debit, my internet bill only has QR scan without a physical bank number I could transfer to (& the short list of utilities doesn’t include my net)—so I take a 25-minute bike ride in the heat once a month to pay that bill but I reward myself by getting to swing by the nearby-ish Hong Kong pie bakery to get a treat & a latte to make the out-of-the-way trip feel worth it.

When I do have to use the site & since there is no QR code scanning, the workflow is:

  • Login (I have a script to block their paste-blocker to use my password manager)
  • Create a new recipient which requires a unique name, the account number + their banking service provider, phone or email, and 12-digit SMS 2FA code (no TOTP or FIDO2 option); this process is done on a desktop-only site which is hard to work with
  • Confirm that with email
  • Go to transfers, select my from account (despite me only having one account & no default preference option), find that user I created, fill in an amount, do another 12-digit 2FA
  • Then they want to take a picture of my phone after the transfer for whatever reason

This process due to bad UX can take up to 10 minutes if they are not ready. So the tl;dr is to carry cash or hope an ATM is nearby.

I had discussed it with a local & he said there has been more push towards cashless brought on by businesses/government wanting to track everything & tourists demanding their privacy-invasive ‘comforts’ like $BIG_TECH_PAY & $CREDIT_CARD options despite most folks being fine with cash. Cryptocurrency is basically never accepted either.

[–] [email protected] 3 points 3 months ago

most banks here require 2FA so there's that

and most block even it on custom ROMs

can't wait for this shit to be cracked already

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago) (1 children)

I'm in the UK. I do not use them. I can login via website, and use text as 2FA. I do not need to use it out of the house but have that option if I want.

I pay via bank debit card.

I would be surprised if they app locked features. It would exclude elderly and probably be illegal.

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago)

Things you can't do with the website:

  • Login with biometrics. Wants password and 2fa each time. As it should, but it gets tedious, especially when I want to confirm online payments (which need to be confirmed inside the interface after you login).
  • No contactless payments. You can enroll a card into Google Pay but fuck Google, I don't want them seeing what I buy.
  • No notifications, hope the bank is willing to send SMS instead.
  • Bit more tedious to send money to someone because the website can't look up contacts by name, have to look them up separately and copy the phone number over.
[–] [email protected] 3 points 3 months ago

I think your largest banks like your Wells Fargos and Chase and Discover, etc. are going to take quite a long time to move to app-only stuff, if ever. However, newer entrants such as Chime do lock functionality behind their app and make their websites really terrible. So I would avoid those.

[–] [email protected] 2 points 3 months ago (1 children)

I haven't had any issues with banking apps on GrapheneOS with play services installed

[–] [email protected] 2 points 3 months ago

The only time I've willingly used a banking app is when they lock out my VPN IP. In those cases the app still usually works for whatever reason. So far, I haven't found any functionality missing from the webapp, but I'm also dealing with brick and mortar institutions.

I would be concerned as they will eventually probably move to a phone app first ecosystem, however it will probably take a while. Some people are still only using in person and phone banking (where you call them and punch in numbers).

[–] NGC2346 2 points 3 months ago

• Convenience, no need to waste time and car fuel going back and forth to the bank all week as I get a lot of cheques and I can just deposit straight after reception from my phone itself

• Mine put new ones in all year round as it's not really a bank, kind of the same but it's a "caisse populaire" in my language.

• Not really. If they offer it to mobile, they'll offer it to computers always.
