The biggest "evil" that has been committed (and is still being committed) against computing has been normalizing this idea of not having root access to a device you supposedly own. That having root access to your computer, and therefore being the ultimate authority over what gets run on it, is bad or risky or dangerous. That "sideloading" is weird and needs a separate name, and is not the normal case of simply loading and running software on your own computer.
Now, we're locking people out of society for having the audacity of wanting to decide what gets run and not run on their computers?
I think, practically, everyone will need at least a cheap-ish android or iphone, perhaps $300 (and a new one every few years ...), to be their locked-down "agent" for using financial or government services. It's not for you, it's for the government/banks, it is their agent for talking to you.
Kinda weird, if you think about it. But that seems to be the way it's heading.
> everyone will need at least a cheap-ish android or iphone, perhaps $300
No, the much more secure while at the same time liberty-preserving way to do this are heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Like the ones practically every bank customer already has in their wallet, and for which most phones have a built-in reader these days... The only thing missing is a secure input and output channel, like a small built-in display and a button or biometric input.
In any case, I somewhat empathize with banks in that they want to ensure that my transaction confirmation device is not compromised, but getting to dictate what software does and doesn't run on my own hardware outside of maybe a narrow sandbox needed to do that is a no-go.
In principle I'm certainly on board with the idea, but the problem is - at least in the Anglosphere, probably further - that the financial system is part of the military and policing systems. They are a powerful and persistent lobby that want a phone to be able to provide enough who-what-when-where to be able to put someone in jail or in extreme cases drop a missile on them.
That is one of the reasons the crypto market is behaving like some radical innovation instead of just a group of bozos speedrunning financial history. For the first time since the invention of capital we have an asset class where it doesn't take the cooperation of a group of armed thugs to guarantee the integrity of the system.
I don't see how a separate dedicated piece of hardware is less secure. It has zero contact whatsoever with your other comm devices. It can be switched off when not needed, to prevent any chance of tracking you. Think of it as of an advanced yubikey.
It's not money-preserving though. You need an extra device, and an extra phone number. The separate phone number is another privacy-preserving feature though.
There's a second layer to the conflict here, in that (e.g.) the banks will want to move the entire flow into whatever secure device, enclave, or "agent" they supply - meanwhile, the whole point of me having a general-purpose computer is to be able to do general-purpose computing that I want within this flow.
My favorite, basic example is this: I'd like to create my own basic widget showing me my account balance on my phone's home screen. Doesn't have to be real-time, but accurate to +/- few minutes to what the bank app would say when I opened it. It has to be completely non-interactive - no me clicking to confirm, no reauthorizing every query or every couple hours. Just a simple piece of text, showing one number.
As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
It should not be that way. This is a basic piece of information I'm entitled to - one that I can get, but the banks decided I need to do it interactively, which severely limits the utility.
This is my litmus test. Until that can be done easily, I see the other side (banks, in cooperation with platform vendors) overreaching and controlling more than they should.
The point of the exercise isn't to just see the number occasionally; I can (begrudgingly) do that from the app. The difference here is that having the number means I can use it downstream. Instead of a widget on the phone screen, I could have it shown on a LED panel in my home office or kitchen[0], or Home Assistant dashboard. Or I could have a cron job automatically feeding it to my budgeting spreadsheet every 6 hours. Or I could have an LLM[1] remind me I've spent too much this week, or automatically order a pizza on Saturday evening but only if I'm not below a certain threshold. Or...
Endless realistic, highly individual applications, of a single basic number. The whole point of general-purpose computing empowering individuals. If only I could get that single number out.
Nah, if a bank or some other civic entity wants to have a "secure agent" for transactions/communication with me, then they should be the ones providing that.
Much like I expect my employer to provide me hardware, and that hardware is used exclusively for work.
I shouldn't have to spend my own money on another device, nor should they be asserting their desires for control onto my own devices.
The issuing entity. They want a "secure device" to do business with me, then they get to issue said device.
Otherwise, they just get to be OK with offering me a website or letting me transact with them on my own device that's under my own control without stipulations like requiring attestation, or prohibiting root.
The point is, governments nor banks or other private entities, should be getting to dictate what can and cannot be done on someone's computing device.
A country that is a dictatorship - I can understand why their slaves have to go through this. I fail to see why a true democracy would do this though. There is zero need to be required to have a smartphone; all those transactions work perfectly fine on a desktop computer system too, under Linux. People then may have a second device at home, some card reader and/or a thing such as Yubiko or something like that. IMO not even this should be required, but to mandate an app that would not be permissive under Linux - that is true dictatorship. I am surprised the government of Vietnam went that way.
Even elected governments already have the ability to take whatever they want from you, and force you to act against your own interests; this seems like a comparatively minor infringement.
If not, you should seriously consider switching banks (while you can). I suspect that such banks do not take security seriously: Giving control over your phone to Apple/Google is not security.
Maybe in US. In Vietnam, $300 is the average monthly salary, and the minimum wage is around $150. Probably the majority of people don't have a primary phone worth more than $300.
My (Canadian) bank extorted me into installing their app, literally blocking me from doing transfers of my own money without it - I had to install it and take a picture of myself and my ID. After this I was able to switch to sms authentication and delete it, but they’re obviously trying to force people onto the app, and eventually they will do so more aggressively.
Of course in Canada we have a banking oligopoly that is effectively there just to rob people, but ironically any of the “challenger” startup banks are 100% app based afaik
> Of course in Canada we have a banking oligopoly that is effectively there just to rob people
Are there any OECD nations that don't have a banking oligopoly? I can think of at least one: Germany, because they have Sparkasse (community banks). Does Canada have community banks like Germany and the United States? If yes, then you should vote with your wallet and switch.
May I ask what bank? I use CIBC and RBC. They do not require any apps on the phone to reach whatever services they offer. I use all my work on desktop.
I did install app from CIBC for one single and the only purpose - deposit cheques sent to me by clients to my business account without having to go to ATM or the bank teller.
Does not work anymore for many banks in Germany. I have 2 accounts that require me to have different second factor apps installed. For one bank I would have to open a separate account with a debit card to use hw tan generator. For the other AI would have to switch bank account after the regulators banned SMS and indexed paper TANs.
Assuming the browser has feature parity. I was visiting my parents over Xmas and my dad couldn’t make a payment because the number of saved payees was capped to 100. There was literally no option to delete a payee in the website, the only way we found was to install the app, authenticate, and do it in there. It’s happening already.
I hate that this is happening. I absolutely detest doing any kind of task other than pure content consumption and basic messaging from a smart phone.
Anything remotely more advanced than that, please let me use my computer and an app or website with, you know, an interface designed for more advanced operations.
Trying to do anything on a smartphone/touchscreen only device is nothing but an effort in pure frustration for me.
Phones are no longer ours. A bit like bought ebooks, games, movies,and the like. we just payfor the right to use them. ok the phones we can keep, so we pay a lot for the hardware, but the OS: not. They like to advertise it as part of the phonev but it' not. The little surveillance machines.
The problem here isn't the money, it's the lack of privacy and control.
The best analog I can think of to piracy in this situation would be rooting the phone/installing GrapheneOS. And, yeah, that's definitely something people should do if they want that control, but I really hope people don't put it in the same category as piracy...
What makes a phone a viable consumer device is the baseband controller. The majority of that complexity lies in the software on the controller and not in the hardware the implements it.
How many companies even produce these controllers?
The idea that the government should have the right or ability to do this in the first place is actually insane. Ideally the government doesn't want to do this in the first place, but even if it does it shouldn't have the technical ability to.
No need for the scare quotes. Forcefully removing people's agency over themselves is pretty much the definition of evil. We do not hurt criminals as punishment anymore, in the civilized age, but we still lock them up.
Now, of course we should not equate physical prisons and digital prisons in any other way, but we should absolutely call both forms of imprisonment evil, plain and simple.
I would guess it's because people blamed the device/OS manufacturer for when their device got infected with malware (which is almost always due to user error).
Through the 00s, Apple practically built their reputation on being "virus-free" which really just meant they locked out the user from being able to do anything too extreme.
It is also interesting that yet another government is prepared to increase its reliance on American big tech.
I do not know whether Vietnam has any pretence of digital sovereignty, but many countries that do are doing this like this to actively move away from it.
Where in Europe? Some countries are making some efforts to get away from cloud providers like those but all I know of are increasing dependency on Apple and Android.
Lots of American big tech is actually developed in Israel - like Microsoft Azure's cloud services. Israel also has a history of getting caught selling American technical secrets to countries like China. Almost every major VPN is owned and operated by an Israeli company.
Screaming into the void about how your device is so great it could be used for attestation, combined with a small but vocal security industry full of grifting chicken littles, virtually guaranteed this would happen.
The real irony here is the use of free software to tear down everything the free software movement stood for.
Root access is irrelevant; modification detection is relevant. If your OS was sealed-attested, root wouldn’t matter (Macs have this in shipping production by default and it works fine for everyday users). For modding, go for it; your modded OS will be signed by your own crypto key (or none at all). Unfortunately, the media and the businesses and quite a lot of expert users confuse root-access-enabled as a convenient modification-detection method (presumably Google’s core is more competent than that, has anyone studied it?). Sigh.
Put like this, root access is indeed irrelevant. The ability to modify is what we want, i.e. what freedom of general-purpose computation is. The very thing banks and other businesses take away from us.
Exactly. Also the smaller stupidity - inability to add your own root certificates to the system store.
In fact this is what led me to unlocking the bootloader, swapping the OS and rooting my phone. The infuriating situation where if you setup so called "corporate owner" (or mdm) during the first login you can add your own certificates, but if you don't... Basically the "corporate owner" of your phone is Google.
Yes, literally, you do not own it.
Also it is worth noting certain countries where "rooting/bootloader unlocking is illegal" - namely China and the horrible stupidity of people claiming EU Gdpr prevents manufacturers from offering simple bootloader unlocks for their phones.
We absolutely need to vote with our walkers. I bought a Samsung before and a Xiaomi recently only because both allow relatively simple unlock (ok the Xiaomi requires you to wait to press "request unlock" exactly at midnight Beijing time", and it only works for non-Chinese phones, but still unlocks fine.
It astounds me that purists still push this narrative despite all evidence to the country over decades of computing.
It is better for the vast majority of people that they don't have root access to their PC or phone or tablet because they are unequipped to securely manage that AND it has basically zero upside for them. They can't manage updates. They install random programs from the Internet to get smiley faces in Outlook.
This may offend your sensibilities. Sorry. But you're living in a fantasy land if you still hold onto this narrative, particularly without explaining to ordinary people how this will practically benefit them beyond theoretical platitudes about "freedom".
If it's mandated that banking apps must not run in a user-controlled environment for the sake of security, users should have the right to refuse such "protection" by signing a piece of paperwork at the banks office.
It’s not an evil at all. For 99% of people who aren’t “computer people”, when we gave them that, we got the Bonzai Buddy and 47 other malware toolbars installed. Did we forget 2003 already?
App sandboxing and system file integrity is one of the most beneficial security features of modern computing, and the vast majority of people have no desire to turn it off. You can buy rootable phones. People overwhelmingly choose iPhones instead.
Even if Apple sold the SRD at scale, nobody would buy the weird insecure hacker iPhone except us and maybe kids who realllly want Fortnite.
Because when you don't do this, people get scammed out of money.
If there is a series of buttons you can press to circumvent the anti-scam measures, then the scammers simply walk you through pressing those buttons. If you cover them in giant warning labels the scammers simply add explanations into their patter. The buttons must physically not exist, for gullible people to not get scammed out of money.
The next response will be 'well maybe we shouldn't accommodate them'. They vote, and there's more of them than you.
> Because when you don't do this, people get scammed out of money.
No, only when you don't do this and nothing else to improve security. You're presenting a false dichotomy.
> If there is a series of buttons you can press to circumvent the anti-scam measures, then the scammers simply walk you through pressing those buttons.
If the scammers can walk somebody through doing all that, why would they stop at just asking them to send money over to them "to safekeep it because of a compromised account" or whatever the social engineering scheme of the week is?
> Because when you don't do this, people get scammed out of money.
Bullshit. Big tech's war on general purpose computing hasn't stopped scam. It's a pretext for rent seeking and control and you know it. It's the reason we don't have a popular ecosystem of FOSS alternatives on mobile. It's the reason we can't run virtual machines on tablets when the hardware very much can.
If combating scam is a priority of big tech, I know where to start. Get rid of ads! That would actually be enormously effective as it gets rid of the primary entry point of scams.
> If there is a series of buttons you can press to circumvent the anti-scam measures
So the best you can come up with is an imaginary button on phones that can magically circumvent checks that should be implemented server-side? Have you any idea how software works?
> If there is a series of buttons you can press to circumvent the anti-scam measures, then the scammers simply walk you through pressing those buttons. If you cover them in giant warning labels the scammers simply add explanations into their patter. The buttons must physically not exist, for gullible people to not get scammed out of money.
We shouldn't be protecting someone that gullible at the expense of everyone else who is smart enough to actually read whats on the screen and not fall for such simple scams.
Not that long ago most of this forum was very much against giving up freedoms in favor of catering to the lowest common denominator. What happened?
People need to take responsibility for their own actions and educate themselves, not rely on a lack of freedom to protect them.
Or rig screens such that the buttons do not appear to be what they are. I've seen many a install-this-app ads where cancel isn't cancel.
The average user simply does not have the skill to determine real from fake and any heuristics to do so will be defeated by the scammers. You have to be able to understand what could be done with access, not what's "intended" with the access.
> App sandboxing and system file integrity is one of the most beneficial security features of modern computing,
You can have sandboxing and system integrity while still giving the user overrides. But hey this is not Google and Apple's business model because it makes you less dependent on them. And it interferes with their sweet 30% rent-seeking app stores.
Mobile security works this way not because it's best for us but because it's best for making them money.
> You can buy rootable phones.
Eh yeah but the problem is of course being locked out of apps if you actually root it.
I don't want Google or Apple to decide what I can do with my phone. Or the government like in this case. This also opens the door for evil spyware like chatcontrol in europe. Even today they are trying to enforce a backdoor into whatsapp to block "harmful content" which is of course impossible without breaking or circumventing the E2E on-device.
> People overwhelmingly choose iPhones instead.
Maybe in America, not here in Spain. I guess not in Vietnam either.
> You can have sandboxing and system integrity while still giving the user overrides.
How? What kind of overrides? You mean that Safetynet could still report attestations?
I have no idea how it works, but doesn't it require a chain of trust, starting from a known boot image, then every process that can write to arbitrary memory needs to be a known image? (And even that might not be enough if there are ways to dynamically exploit them.)
No, you can just make a system secure without requiring attestation and stuff like that.
I don't believe in remote attestation anyway. It didn't even say the service is secure. It just proves it's as released by Google. But security doesn't have to rely on a big brother checking things for you. You can have security without it.
You can have integrity checks that allow the user to choose which signing keys to trust. Some PCs with secure boot, and some phones such as Pixel devices support this. GrapheneOS uses it.
In those systems, it won't boot without a good signature, so the user is protected against attacks that break the user's chosen chain of trust.
Remote attestation of consumer devices, e.g. Safetynet is evil.
The irony is that Apple started out by discovering the the hackability of the hardware and software they found in their time. Instead of leaving something like that behind for those who come after them, to pay back what was given to them, they build walled gardens where you’re just not allowed to “bump into the walls too much”.
> You can have sandboxing and system integrity while still giving the user overrides.
I think this is wishful thinking, and the most experienced organizations in the world in this field agree with me. You can’t square this circle.
We can pretend that these two things can coexist, but they cannot. Where there are overrides, there are youtube tutorials on how to disable the overrides to install malicious botnet vpn surveillance proxy apps to get free robux. (to borrow a turn of phrase from @ptacek iirc)
If you give users an escape hatch, they will get malware in ring 0 and Apple Pay will stop being a thing because people’s cards will start getting remotely skimmed at scale. (Or Amazon will give you 1.5% off all purchases to install a rootkit that uploads your complete realtime cc nfc purchase boop history and email receipts and location track so they can figure out which businesses to clone/dump on next.)
If you say “…but not the SEP” then you’re just admitting that you need a part of the phone the user does not and cannot control. Most users care about the privacy of their nudes and sexts so they’d rather it be the whole damn phone.
Did we forget that even the not-full-scale escape hatch that was enterprise app certs was abused by Meta (then Facebook) to install surveillance VPN backdoors on customer phones at scale? Apple didn’t even know bc they were sideloading them via enterprise certs and when they found out they revoked them across the board, but by then thousands of people had had 100% of their phone’s network traffic surveilled by an ad company without consent.
So wait, the solution for malicious spy ware installed by corporations like Meta is giving ownership of our devices (and consequently all our data) to corporations like Apple?
Got it.
And remember the consequences when Apple starts scanning all your photos and sends a SWAT team to arrest a father who took a picture of his son's rash and sent it to a doctor, because surely he was engaging in child abuse.
I rather have Meta steal info of the 100mln idiots that install their root kits on their devices than have Apple and Google do the same for Billions (with a B) to protect from the former.
It is an evil because there are infinite ways to solve any problem, not just this one. Describing some problem in no way validates any particular response as being even worth the trade-off let alone flat out necessary and unavoidable.
Further, the people promulgating this sort of solution know this. The evil is that they are wittingly using a problem as the excuse and the cover to get something else they want which they would otherwise never get and have no right to.
For everyone who is doing this knowingly, there are countless other sincere but unwitting tools haplessly just buying the line sold to them. So you might be able to say you are not evil for supporting this kind of policy, but all that means is that you are either a witting or unwitting tool of the evil policy.
"Rapes happen behind closed doors, therefore we have to remove all doors. No one denies that rape happens and that it's a bad thing. And it's irrerfutable that without doors that close, no one would be able to get away with a rape. And so, the only grown-up thing to do is agree to give up doors that close. It's not an evil at all."
Okay, it is a full on spyware virus though, not super sure why people would love Bonzi on their system.
This is kind of a shitty compromise, the second you leave a tiny crack open in the security, maybe through root access, maybe some better sideloading, somehow people WILL be tricked into installing malware, and it baffles me...
I've seen it happen multiple times with my older (and younger, though less often) relatives and acquaintances, I'm really not sure how like a solid 5 dialogs that scream at them with sayings like "do not do this", "this is dangerous", "if someone is telling you to do this they're a scammer", and that somehow raises zero alarms, however if you tell them to consider the possibility that they're downloading a virus, or that the nice IT man on the phone is probably not that trustworthy, they will simply not believe you.
That's why I kind of get the paranoia, though most of it is just that and I really believe that software freedom is a whole lot more important.
The problem is mostly that normal people can't be trusted with system-level access but some people can. And it's literally, provably not possible to tell them apart.
For the masses, lack of system-level access is a benefit because they won't be able to ruin their device. For hackers and hobbyists, lack of system-level access is a hindrance because they won't be able to control their device.
Well, normal people generally can’t be trusted with cars: in one country of only 3.5% of the humans we kill two jumbo jets worth of people with them every day.
Tylenol is another example. Building materials is a third (building and fire codes are a relatively recent invention). Hell, even penicillin is by prescription only.
Letting the circumstance happen where median people can easily cause externalities through ignorance or carelessness is how we incinerated the planet and destroyed the biosphere as we know it with fossil fuel emissions, because it’s nbd (still even now in 2026, when we know about runaway polar greenhouse curves) to get in your ICE car and drive to the corner store.
When normal people had GP computers, we got botnets millions strong and DDoS in the Tbit/sec range and keyloggers on every hotel lobby computer hooked up to the boarding pass printer. Median people are way safer on the internet now than before.
> Well, normal people generally can’t be trusted with cars: in one country of only 3.5% of the humans we kill two jumbo jets worth of people with them every day.
If you mean Indonesia (the county closest to 3.5% of the human population) or the US (the nearest above 3.5% at 4.1%+) then you are high by an order of magnitude. Two jumbo jets are around 1000 people. US car deaths are around 100 a day and Indonesia is a little lower.
If you mean Pakistan (the next country after Indonesia at 2.9%) you are high by close to two orders of magnitude. They have around 15 deaths a day.
That seems like an untenable stance. Most people don't pick healthy foods to eat or exercise as much as they should. Should we dictate what they can and cannot eat etc?
In other areas of life, people self-select at their own risk. You can diagnose medical issues yourself, buy power tools you don't know how to use safely, and invest in assets that you don't understand.
All other things being equal, we should try to protect people. But we shouldn't force everyone to make the choices that are best for the people with the least comprehension of what they're doing.
Have you ever seen government officials talk about tech? I think you'd have to be naive to buy the narrative that they're making such a large policy decision for our security.
Of the few people using rooted phones to begin with, there's even fewer that don't know what they're doing.
Much more likely is this is a decision to get in line with the well documented and rapidly spreading surveillance laws of the past few years.
> But we shouldn't force everyone to make the choices that are best for the people with the least comprehension of what they're doing.
You are acting like it's easy to accidentally root your phone
You can’t freely sell devices to let others self-diagnose medical issues, so this part of your analogy doesn’t hold up in the case of phone sales.
We also limit investing in certain types of investments to so-called “accredited investors” which is just legal jargon for “millionaires”.
I don’t think the point you are trying to make about letting people own-goal is as strong as you think it is. (I would have gone with “roulette is legal”, which is a better one that the investment one, as the accredited investor rule is in all 50 states.)
If you are interested in the public good, I think it is pretty clear that we should ban roulette overnight since it has a negative expected value for everyone but the casino. On the other hand (still presuming you're interested in the public good), I think you have to consider very carefully whether it's good or bad to lock people out of investments or to restrict people's access to health care.
Because enough people losing their own money in the same way becomes a social ill.
Much in the same way we try to limit physical addiction, which hypothetically only affects the person taking the substance, and gambling (though we're moving backwards on sports betting).
Some hypothetical social ills:
1 If it's a good source of money, it becomes more ubiquitous. This leads to entire illegal markets, which will typically lead to additional crimes, up to and including human trafficking, slavery, organ harvesting, and murder https://en.wikipedia.org/wiki/Scam_center.
2. The victims of scams will often feed shared or even stolen assets into the scam, desperately relying on an eventual return that will never come. This mirrors one of the better known social ills of gambling and addiction.
3. Even for people that never fall victim, defending against scams is tiring, irritating, and damages social fabric. An easy example is how spam cuts down on the utility of phone calls. In general, to be safe you have to be almost irrationally suspicious of anyone being surprisingly friendly, which makes non in-person connections -one of the greatest benefits of the internet - much harder and more dangerous to forge.
For sake of completeness, another important reason:
4. These kinds of "social ills" hypothetically affecting only individuals, actually spill over to affect their families, and, at scale, communities.
That being said, in most cases it still doesn't justify this level of drastic intervention. Otherwise, cigarettes and alcohol and even Lotto would've been banned out of existence by fiat.
Viruses injecting code into the process of the app that you use to do online banking. obvsly. Or the app you use to do second-factor authentication.
You can protect against that by requiring the app to have a valid signature. You cannot guarantee that the signature is valid unless you can guarantee that the kernel has not been modified. You cannot guarantee that the kernel has not been modified if the phone has been rooted.
For what it's worth, my banking app for my Canadian bank (and the app which does second-factor authentication for web transactions when doing web-based online banking) will not run on a rooted phone. For good reason, I think.
My bank used to use SMS for second-factor authentication, but no longer does so. For good reason. When I do online banking from my desktop, I still have to use the second-factor authentication login on my phone. Or sim-less tablet, interestingly. Whatever the mechanism, is, it is not SMS based.
So, if you cannot cryptographically prove to a remote server that your device is running essentially unmodified, vendor-signed software, you are locked out of the economy?
The irrefutable part here is that the security model works. Locking down the bootloader and enforcing TEE signatures does stop malware. But it also kills user agency. We are moving to a model where the user is considered the adversary on their own hardware. The genius of the modders in that XDA thread is undeniable, but they are fighting a war against the fundamental architecture of modern trust and the architecture is winning.
As I mentioned in another post: By 2026, you'll need two phones. My current setup:
1) An unmodified iPhone SE (2022 model) with OS support until 2032. This runs all my authentication, banking, health, etc. It is in airplane mode 99% of the time unless I need it.
2) The second is a Pixel 9a with Graphene OS for daily use, routing and internet access.
This is expensive, but I found it to be the only viable solution to this problem.
Do you guys wear cargo pants to carry all these extra devices or are belt clips coming back into style?
If I could get away with carrying a tiny device again instead of lugging around a brick I would, but the world has made it as inconvenient as possible not to.
A BlackBerry from 15 years ago weighed just over 100g and did 80% of what your modern-day pocket computer can.
When a bank eventually requires a more recent phone to work, they will carry three phones, one for that one bank, one more for the rest of the banks, and a personal one.
Then they might move somewhere else with different banks and different hardware requirements, they will carry 5 phones.
I've never used a Blackberry but it was much more efficient for me to input text (an essential task for a communication device!) on non-iPhone-style phones with physical buttons.
Nothing useful to add except, god I miss my Bold 9700. Every time I slip on this stupid touchscreen keyboard and make a stupid typo on this stupid phone I howl inwardly and wish pain and endless torment upon everyone who took us down this path away from light and goodness. Grumble grumble
The fun part for me is that an old dumb phone could replace, like, 50% of my smartphone usage, if I could use Telegram on it. We even still have 2G networks with no plans to shut them down. So, a J2ME Telegram client has been on my list of potential future projects for quite some time.
It did, and some of the things it was more effective at.
I remember BlackBerry OS 4.x (?) had a built-in password manager app and this was in the mid-2000s. By comparison this was added to iOS 18 in 2024.
What it wasn't good at was things like games and toxic consumer rich media bullshit. The industry saw dollar signs with iOS and Android and never wrote apps for the ecosystem.
Remember the days when Instagram was iOS-only?
But here we are, resigned to typing on glass for the rest of our lives because some hippie burnout thought it was a good idea.
>An unmodified iPhone SE (2022 model) with OS support until 2032
What makes you think it'll be supported for a decade? Looking at the past models, the support period is around 5-7 years. If you count security updates that might get you to 10 years, but at the 7-9 year mark apps will eventually refuse to update because you're not on the latest ios.
By the time that iPhone SE 3 finally goes unsupported (even the iPhone SE 2 from 2020 has yet to lose support) you'll just buy a cheap refurbished iPhone 16e. Old-gen iPhones are widely available and quite cheap.
i think most here if not all, people complaining by predatory practices of not supporting or liberating your device to whatever you want, are not worried or effected by monetary reasons
for my smartphone usage, i could still use my iphone se (1° gen) perfectly fine and that would include writing some pieces with garageband; which got deprecated and non-download-able because newer versions weren't aimed to my iOS version. heck the vast majority of smartphones aren't compilling software with local hardware (nor i know why someone would do)... guess we could stop with processing power advancement of 2015 just fine to run Whataspp and Instagram. producing hardware is costly, not everyone has a decent job nor minerals are infinite and have no ecological impact
You will also need to accommodate the banking apps updates, banks will not support very old versions of their apps( very old varies but probably about a few months ). Beyond that the new versions may require hardware support that may not be available in a decade old phone.
There are enough non-shitty banks and credit unions, at least in the US, that you should be able to easily switch banks to a better one. They have no moat.
FWIW my US bank works on GrapheneOS and they refund all ATM fees, so you can use any ATM you want. The only issue I've run into with them is they have a Zelle integration which is only available on the phone, and on GrapheneOS it just loads to a blank white screen. But that seems to be Zelle's fault. The bank is Charles Schwab if anyone is looking for a currently-compatible-with-GrapheneOS bank in the US.
Funny - in some ways I have the opposite. In my version:
The iPhone SE would be the one I use for calls, SMS, etc. It has the SIM card.
The Pixel 9a would be used for everything I don't need a data plan/SIM card (browsing etc).
My needs are a bit different from yours. I like to separate telephony and communication (i.e. WhatsApp, SMS) from everything else. This way, if I want quiet, I just turn that phone to airplane mode. I really don't want to get random pings while I'm doing "real" stuff on my phone.
More painful to manage turning it on/off than to simply leave it in my car.
Over the years, I've spent far too much time with different solutions for managing notifications, etc. Turns out simply keeping the older phone after buying a newer one was the easiest approach. No downsides so far. The old phone has the SIM card. The new one doesn't.
Looking at the phone, disabling the lock, swiping down, and pressing "Do not disturb" is a lot more than just not looking at the phone.
Also, that's only half of it. I have to move it out of "Do not disturb" at some point. Or set a timeline for it. Why should I when I just don't need to?
Also, it's been years since I used "Do not disturb". Does it show notification icons in the drawer on top? That's a definite no-no.
I might be paranoid, but I like that my bankcards are in a metal case (I got it because it's water/dustproof, but I like the bonus) and I like that Wallet only activates the rfid for a second, then I'm no longer broadcasting.
If you have a lot of resources to protect against or known risk, you segment.
For example, do most daily transactions at one bank, and keep the rest at another.
This happens a lot in companies and government - you outsource payable operations to different division of government or a contractor. Hire one to do custody of money, another to process disbursements.
And adding to this: using the card gives me peace of mind because it never runs out of battery. If I only used my phone for payments and it died while I was out, I would be screwed. Can't call a friend, can't pay for transit, I guess I'm walking for hours to get home? Since I use the card to pay, if my phone dies, the worst thing that happens to me is I might need to look at a physical map to figure out which train to take home.
Since 2018 you can still use tap when your iPhone battery has died. It works for transit passes, keys, and some payment methods. They call it Express Cards and it will continue to work for ~4 hours after your phone has died. iPhone's keep a "Power Reserve" for NFC when dead.
Yeah, in low-fraud scenarios it's a very good idea. Otherwise, though, you have the problem of what happens when a robber takes it.
I'm thinking a ring type device might be better--put a pulse oximeter into it, you unlock it with your phone, it remains unlocked only so long as it gets basically perfect data from the oximeter, locks if it fails for a second. Thus said robber can neither snatch your ring nor cut off your finger and use it. I like the metal mesh straps that can hold my device very snugly against my skin without being tight and that would be good enough, but a looser strap would not.
The smartwatches I've owned with payments support (Pixel Watch series) automatically lock when they are not worn, presumably using the heart-rate sensor.
I wonder if this makes room in the market for some simpler device for payments. Something like a wearable that you can tap-to-pay and has the signed software attenuation but nothing else so you can't be tracked using GPS.
that exists. It's called Felica, and it's used all over Japan. train passes, vending machine, convenience stores, many restaurants. Built into iphone and a few androids.
Note that the payments are tied to a card/chip but you can (at the moment) buy new card no id/registration required
Nice. We had this in the 90s in Holland. It was called chipknip. (Knip is old slang for wallet).
It was really like digital cash, the money was loaded onto a chip. So if you lost it you lost all the money. There was no pin code either, just like a real wallet. Unfortunately it was not really anonymous because the Dutch government are really into surveillance.
It didn't really last very long, it was only popular for parking machines. In those days 2G was expensive so validating transactions online was rare.
This will be the answer as we move away from screens as phones. Smart watches have slowly edged in, but I foresee some 'no screen' being the answer to payments, access control, etc
Long ago we used to have ‘mini’ credit cards. You could get a two-thirds size magstripe card from some major banks that’d go right on your keychain. Discover had a cute little bean keychain with a flip-out magstripe card (the Discover2Go) as well.
At the same time there was also the Exxon-Mobil Speedpass RFID fob, and I remember there being a huge discussion about “the battle of the keychain” and whose payment instrument would win being on your keys to be used the most alongside your loyalty cards.
That's what I do too (not iOS + GrapheneOS but the result is the same) as I was tired of fighting to make my bank apps and itsme (digital identity app in Belgium) work on my rooted phone.
Everytime I have to use a stock phone I'm appalled at the ads and I have absolutely no trust in any US or Chinese manufacturer. So I use them only for banking and digital id because that's presumably not what they actually care about.
It's not that expensive, I think many people have an old Android phone lying around, it doesn't have to be up to date.
It is very ironic that the solution is using an old, insecure phone full of unpatched holes for all important banking and id business, because that one is vendor-allowed while your state-of-the-art GrapheneOS is not.
If only banks cared about state-of-the-art security.
In reality, banks couldn’t care less. They only care about checking boxes and don’t consider where these boxes come from; every unchecked box is a risk.
Did the latest sham "security audit" say that root is bad? They'll block it.
My job's SSO moved to provider that either required an unrooted phone or a reliable Voice auth.
For 2 years the voice authentication worked fine (they call me, I type in a number) on my regular rooted phone. Then one random morning I just stopped getting the phone calls. "Network said no".
Complete lock out, nothing I could do except go out and panic-buy an unrooted phone not running Lineage and using a modern Android version. (I tried my older unofficial lineage phones without root, and no dice.)
I opted for a good phone I could postmarket later, but gosh did it set me back almost 1/5 of my monthly salary.
Pretty much the same setup here. Pixel 9 Pro GOS + iPhone 15 (USB-C everything!). The iPhone is a Canadian model that retains the SIM slot.
Most of my banking apps work fine on GrapheneOS, but I've adopted this because I'm confident they'll eventually break. And access to Apple Pay is nice.
Carrying two phones is annoying, but, agency over my main computing device is worth the price.
I run a proxmox server on my home Lan with all the services and storage I want, including a wireguard server. My Android phone can then connect to my home LAN services from anywhere in the world (my ISP provides static public IP addresses).
My Android device is then a simple terminal to all my "stuff". It can be locked down as much as they want it to be, as long as it can run WireGuard. I have no use for a rooted phone. In fact I want it to be as hardened as possible in case of theft.
I used to get a physical security key from my bank. Perhaps I should get a bank device with a touch screen for banking only and they could then stay the hell off of my personal phone.
Many of us would need the unmodified one to have a working SIM because a lot of those providers require SMS in their auth flow. Expensive for many of us. For me it'll mean I have to do these things on a computer. Until they come for that one too of course.
Don't they usually SMS you a TOTP code that you could then just type into the unmodified one? I've seen some apps that snoop on your SMS to automatically grab the TOTP code but I've never come across one that wouldn't let you manually type it in.
I do something similar but it's iPhone SE plus olympus camera plus laptop. The laptop is where all the libre software lives, and the camera is (of course) for taking pictures with. I don't use the phone for anything except boring essentials, for the most part.
It's Pixels only at the moment; the GOS team are apparently working with another hardware vendor to produce a suitable device, but that's still a long way off.
It's true that GrapheneOS is not rooted, and, unlike other non-rooted custom ROMs, allows re-locking the bootloader. But, whether a banking app will work depends on what level of Google Play attestation they require. While most banking apps work fine on it, a significant minority do not.
Yeah I wish we could do without a bank in modern life. When bitcoin first began I was really in support of it because I saw potential in freeing us from the dark stranglehold of the banking industry. Everyone just manages their own digital money.
But nope the cryptobros just turned it into another pyramid speculation scheme and the governments ruined the customer independence with their KYC stuff. Now it's just an online version of the old system where the exchanges are the new banks.
If that's the case, then I'd hold this as a different threat model than not being able to turn off WiFi and Cellular.
Very curious if an iPhone or iPad with all accessible settings off, including for NFC turning off Apple Pay, NFC tag reading, etc., leaving only this background NFC on, if there are still persistent identifiers being broadcast.
iPhones will transmit bluetooth beacons even if turned off. Fortunately the battery goes completely flat after a couple of weeks or so and then they no longer do. Unfortunately this is not very healthy for the battery.
I could be wrong, but on a lot of mobile SOCs all of the modems are in the same chip as the CPU. I think you would have better luck removing the connection to the antenna
Need? Unless and/or until the ability to log in and do your banking, healthcare, etc. via desktop/laptop goes away, then you don't need a phone to do any of that. Yes, 2FA may be required but in the tangential experience of myself, my partner and my two closest friends, we have multiple 2FA options available to us for our banking/healthcare apps that don't require a smartphone.
I see this point all the time - "You can't bank or do important life stuff without a phone!!!" and it's just, largely, bullshit. I don't do any "important life stuff" on my phone.
Beyond that, even if you had to have a phone to perform those tasks, I'd strongly argue that if you feel you need a second phone, then, and I know this will come off as reductive and unproductive, I think the idea of spending less time on your phone and on the internet, and more time "touching more grass" and interacting with the community and world immediately around you, might apply.
You don’t do any important stuff on your phone. Others might not have the luxury.
Notably, in Vietnam people use QR payments a lot. If you want to interact with them by, say, paying at a small local restaurant, you’ll need a phone (or a stack of cash, and please do prepare change).
Just because you don’t need it doesn’t mean other people don’t. Heck, I have no need for a rooted phone so I only use a normal phone, but I respect that others might need a rooted phone.
It depends on location. In my whereabouts banking and e-signing requires one of two 2FA solutions both are mobile-only.
Theoretically there is a third option with USB ID card reader to use certificate stored in ID card. But I never saw one used in practice. It’s a PITA to get those devices to work on anything beyond Windows. And they’re accepted in relatively few places.
How is a pixel with grapheneos not a secure device?
Ps no it's not rooted but it won't pass full play integrity so it will usually be treated as such.
Also, a properly configured root is not a weakness just like having a computer where you don't log in as admin unless you really need to can be just fine.
> As I mentioned in another post: By 2026, you'll need two phones. My current setup:
Cheers, maybe by 2027 unattested devices won't be allowed on the internet. It's not a solution. The problem didn't exist a few years ago, the idea that it will not continue to its inevitable conclusion within a few years without real solutions is laughable.
Wait until Graphene is classified as a hacking tool and Estonia convinces the EU to fine a million Euros a day any company providing services to host its website. Wait until, "in the spirit of reconciliation," the US goes along with it, too.
Wait until unattested desktops aren't allowed on the internet.
I understand that you’re using it as an example, but I still find it very misleading. Estonia is pro-privacy and has consistently voted against Chat Control.
On the other hand, France has been undermining privacy for a few years now. They supported Chat Control, have attacked GrapheneOS, etc.
With all due respect - I totally understand you may need a rooted phone, I’m just curious what you use it for? I’ve never had a modified or rooted phone so I don’t know of any of the reasons you might need one.
You start to use it because you care about privacy and your data. But now it's just to avoid all the crap Google and OEMs put into the phone. Same story is with PC and Windows. To quote one smart guy: "I'm not in the mood to be treated as a chimp." And that's it.
System wide adblocking, being able to backup any app are the top two reasons I'd still root my phones if i had any choice. You'd be amazed by the battery life improvement you'd get by just blocking ads..
I deliberately avoid all banking apps even though i didn't root my phone, but i have to use Google Pay a lot. So... That's the only reason this phone I'm typing on isn't rooted.
unrelated to phones a lot of (more professional) malware has moved to not persist itself in root space (or at all) as to not leaf traces (instead it will just rely on being able to regain root access as needed every time you reboot with all the juicy parts being in memory only (as in how often do you even roboot your phone))
I think (but am not fully sure) this also applies to phone malware.
I.e. no it doesn't work.
Not unless you
- ban usage of all old phone (which don't get security updates)
- ban usage of all cheap phones/phones with non reliable vendors
- have CHERY like protections in all phones and in general somehow magically have no reliable root privilege escalations anymore
Oh and advanced toolkits sometimes skip the root level persistence and directly go into firmware parts of all kinds.
Furthermore proper 2FA is what is supposed to make online banking secure, not make pretend 2FA where both factors are on the same device (your phone).
And even without proper 2FA, it is fully sufficient to e.g. classify rooted phones as higher risk and limit how much money can be transmitted/handled with it (the limit should ignoring ongoing long term automated repeated transactions, like rent).
I stopped using banking apps on my phones a few years ago - they got more and more annoying, and I don't buy into the "the device is secure and should be used as a trust token". So I'm now back to banking only on my computer, with a hardware token for TAN generation.
Hardware tokens are not allowed in Europe to authorize certain operations such as bank transfers: you need a device that can show the operation you are about to authorize ("enter 123456 to confirm your payment of 99.99 € to Pornhub"). And that essentially means using a phone.
I don't think card readers can display payment information, can they?
And I have no idea why, but no bank offers photoTAN devices in my country. They seem like an interesting concept, even though I imagine the underlying hardware isn't far from that of a phone, in the end.
I'm in Europe, and some of my banks still operate with a token just showing numbers, while others use devices with QR code readers and a colour display which then can show transaction details.
They don't really like you using that and keep annoying you to stop doing that, but I don't think they'll fully get rid of that - those are filling some accessibility niches as well.
I’ve seen dedicated hardware devices which scan a QR-like code and show this in a little screen of their own. The bank provides them and does not require any app.
There are "simple" hardware tokens that allow for that - you have to enter the amount and part of the destination IBAN and they generate a 2FA number based on that + probably the same number generator it uses for logins.
I'll bet the confusion stems from the rest of the world having essentially forgotten what is a check/cheque almost a generation ago.
I only used them twice in my life, last one was in 2012 and I had to get a supervisor at the bank to find the procedure to get a checkbook at the time.
The last time I (EU) touched a check was in 2006 - my elderly landlord used that to refund overpaid utilities. I had to google what to do with that thing - the bank I was with wasn't handling checks at all, so I had to go to a branch of a different bank. And even there they first had to look up what to do with that thing.
Maybe it's different for non-homeowners or people without kids. Just looking back at my records for about 2 years, I've written 36 paper checks in that time, not including the "online bill pay" provided by my bank which are often just physical checks they send in the mail: Kids extracurricular activities, school PTA donations, memberships in local clubs, pool service, home improvement jobs like fences and concrete, appliance repair, and, of course, property taxes.
Last check I wrote was for some car repairs at a local shop, where using a credit card would add a 3% premium. I agree, local services and contractors are some of the last people who you still can't pay electronically, but it's getting increasingly rare. Most will now at least take Venmo/Zelle.
I do own a home but find that almost everything can be paid online now. I write just a few paper checks per year. Even my taxes I pay on the state or IRS website (with ECH, so effectively a check but without the paper).
I’m a homeowner and have kids, and I’ve never written a check in my life. I can login to Bank of America and have them print and mail a check for free, but the recipient has to wait.
I only have to do this rarely, and it’s always because the recipient wants to charge a “convenience fee” for having me pay with ACH or debit card or credit card. (The seller is assuming people would rather pay an extra $3 to $5 to not have to write a check or mail anything).
What's hilarious is that at the end of the day your transaction is added to a text file and sent along with the image to the Federal Reserve Bank Clearinghouse via SFTP. It's then communicated back to the other bank in the exact same way.
Hyperbolic take - There won't be PCs, as we know them, for too much longer (both by way of being made into walled garden phone-like "appliances" by software, and by the hardware becoming unavailable).
I hate that future so much, but I don't know what to do to avoid it. My sole choice to bank on pc and use it as a pc will not be considered by the product people making the choice to go smart phone app only.
I'm essentially along for the ride because the masses will gobble it up.
I grew up in a world where personal computers weren't strange things (the 1980s). I remember reading Levy's "Hackers" in my teens and not comprehending how people could think personal computers were such a big deal. The talk about "technical priesthoods" and mainframes, the inaccessibility of computers to "normal people", etc, didn't mean anything to me.
Now that I'm living through the twilight of the personal computer I understand.
You do realize you have the power to organize with other like minded individuals and exert political power right? You don't have to just sit around and "accept this fate." We still live in a democracy, you're allowed to have a say if you want to.
The concern about individual ownership of general purpose computing is of concern to a fraction of a fraction of a fraction of a percentage of people. In the USA, at least, even more basic issues that should matter to a large portion of the population don't because they're distracted by "culture wars" and "wedge issues".
Money is speech, and speech builds political power. Industry lobbies have vastly more money than the minuscule number of people to whom this matters.
On top of that, the market doesn't want general purpose computers. The market wants TikTok terminals and selfie cams. The market wants "content consumption", "AI slop", and "influencers".
If there's no market for what I want it doesn't matter if it's legislated out of existence or not. Nobody will build it if nobody will buy it.
Then there's the apologists for big tech who cry "But they're not computers, they're phones!" when the fact is brought up that we're all carrying general purpose supercomputers bristling with sensors and radios in our pockets but we're not allowed to own them or use them for what we want. (Cue sob stories about clearing malware from oldsters' computers in 3... 2... 1...)
Technologists (who I'd argue should want general purpose computing in the hands of the masses) can't make any money re-architecting the OS and application metaphors and paradigms that give rise to the malware-laden cesspools of end users PCs so they just direct their efforts to working at big tech building the walled-garden prisons that we're all going to be forced into.
It's hard not to feel like I have to accept this fate.
yeah. Americans are one media campaign away from having to argue for their right to possess fully semiautomatic general purpose computers with high capacity peripherals. Europeans and the rest of the collective West won't even get such courtesy, their young global leaders don't need to justify their actions to the unwashed masses.
all they really need to do is to make the Internet inaccessible from any device except the castrated thin clients that our computers are doomed to be replaced with. and that can be done trivially.
> We are moving to a model where the user is considered the adversary on their own hardware.
That has been the model since day one, since you are using spectrum that, because the end users are not licensed, requires it. Radios in 100% of commercially available phones are locked to prevent user tampering.
You don't get root on your debit card either, despite it running a computer.
> That has been the model since day one, since you are using spectrum that, because the end users are not licensed, requires it. Radios in 100% of commercially available phones are locked to prevent user tampering.
Why, then, can users be root on PCs that have wifi cards, SDRs or cellular radios?
Wifi? Because it is part 15. That spectrum is less strict.
SDRs? Because they are not certified transmitters. They are test RF gear, or a component of a transmitter, not an end-user product.
Cellular radios in a PC? You don't get root on those. Same situation as they are in a cell phone: They are licensed-band transmitters, and they are required to be tamper proof to protect the licensee.
> Cellular radios in a PC? You don't get root on those. Same situation as they are in a cell phone: They are licensed-band transmitters, and they are required to be tamper proof to protect the licensee.
The original post said:
> Locking down the bootloader and enforcing TEE signatures does stop malware. But it also kills user agency. We are moving to a model where the user is considered the adversary on their own hardware. The genius of the modders in that XDA thread is undeniable, but they are fighting a war against the fundamental architecture of modern trust and the architecture is winning.
So, as I read it, Fiveplus is saying that we are moving to an architecture where the user is an adversary on the computer (the phone) as a whole. While licenses may require that specific components are out of bounds, the new thing is that the whole platform is denying the user the ability to do what they want with the parts that are not explicitly off-limits.
IIRC, a Blu-Ray drive is required to store data about revoked keys and to stop playing discs if its own key is revoked. Presumably the BR license also states that the user can't be allowed to wipe this revocation list and start playing Blu-Rays again. But BR drives can still be fitted in computers where the user has root access, just like PC cellular radios.
Phones are made to be default-deny instead of default-allow, and I think that makes it different from "enclosed modules you don't have control of".
Of note is that there is apparently one single application licensed to play Blu-Ray disks on PCs, CyberLink PowerDVD. Anyone watching Blu-Rays through alternate means on general-purpose computers today, by using MakeMKV or similar, are likely breaking anti-circumvention laws.
As of November 2023, zero applications are licensed and capable of playing UHD Blu-Ray disks [0], and PC manufacturers are just not including the hardware necessary to do so.
My point in context to the original post was simply that this isn't a new perspective -- the idea that the end users of a phone should have any control over the operation of the device was something that came later in the timeline of cell phones.
Even as a licensed ham it's getting increasingly difficult to even get hardware that allows utilization of frequencies I'm duly licensed to transmit on in the 2.4 GHz band. Short of building and designing your own transmitters it's become impossible to repurpose hardware like it was before. Our club has aging M2 Rockets from Unifi that were modified for this use that are now decaying and dying. It's unfortunate too because once these stop working that's it. A few club members have been championing GLiNET but same problems. They are relying on older models which weren't as locked down and already show signs of suffering the same fate as the Rockets.
Personally I just don't use a banking app. The website works fine? I don't like the idea of having to use something from the Apple App Store or the Google Play Store, both companies of which could randomly decide I don't need to exist and cut off my access. ... no thanks? So I don't run "apps" at all. If your business is only available that way, sorry! But "I don't have a smartphone" tends to signal to the receptionist that they'll need to explain the myriad of other ways to do business.
Consumer level security always has to contend with the lowest common denominator. As my 80 year-old mother‘s technical support team I can testify that she will download and install anything she sees on Facebook. The consumer security world has to protect us from people like her. It’s also the reason I will only allow her iOS devices.
Maybe people like her should just, uh, not use technology? Or not do it as much? The fact that the society so heavily pushes everyone — regardless of their technical literacy and willingness to learn — to use internet-connected devices is also a huge part of the problem.
The problem is that we're supposed to use these "secure apps" on our own devices.. but since they need these enhanced security guarantees, our own devices cease to be ours.
Yeah. Tech companies are coming for our hardware. Next step is OSes with agentic AI turning it from a system with frameworks and libraries with apps seperate from the base system, into a system that only runs AI models that the "owner" of the hardwre has no control over and the lines between the OS and the AI is very blurred.
This totally beats the purpose of owning or using tech. Might as well go off grid and live a non-tech life.
Big tech wants to colonize our hardware completely because data centers alone ain't cutting it.
1$ Trillion has to be paid back to the investors plus interests. They screwed up with AI and we have to pay for it. Or maybe they didn't screw up because big money always gets bailed out by the plebs.
I really like this comment. I similarly don't like that banking is, from no collusion just internal incentives, locking out any users not opted into the Chromium hegemony.
> The irrefutable part here is that the security model works.
Yes! And that business model should be allowed.
This leads me to worry the notion of "user agency" may be misplaced, meaning, aimed at the wrong level of the stack. It would seem both open (general compute ethos) and secure devices (appliance ethos) have a right to be in the market. So…
### Perhaps user agency should be at the experience level. ###
We couldn't plug Sega Genesis cartridges into Nintendo 64. We understand this about consoles. If we remap mobile devices into consoles, it seems less obvious their internals should be opened and tinkered with by end users.
User agency seems more at the level of picking a console family, and it's often for the whole brand aura including both the console itself and safeness-to-permissiveness dial by which the brand curates its the cartridges (spectrum from Nintendo to Apple to Sony to Microsoft and Steam). A free market for mobile devices or desktops would likely sort out a similar spectrum of just-works to fidget-able. If you choose the Nintendo 64, you wouldn't expect to run arbitrary software on it as you would expect on Dell.
We hackers are capable of figuring out how to make Nintendo 64 software; our neighbor does not need or want those affordances, they want just works, no headaches. This idea that the user must be able to open their digital watch or toaster oven and change how it is wired glosses what users actually choose: the conveniently toasted meal.
At the same time, business models around the curation and appliancification of digital tools, blurring the lines from hardware through solid state through firmware to software into a single product users can choose, must be defended.
If I want to dev for a secure product, I similarly must be OK opting into the supply chain security model (with Apple, registering as a dev in order to exchange cert material and bypass consumer paths to loading software I'm making for the platform) that allows that product to be secure, and opted into by users with money to buy my app, that caused me to want to develop for it in the first place.
Users must have a right to buy an appliance that isn't fiddle-able. Not mandated to, as this article sounds, but allowed to as the EU is trying to deny. Such products have a right to exist, and such business models have a right to exist.
And then, user agency remains as simple as use dollars to buy a product offered through a biz model that matches the user's goals, rather than regulate to disable business offerings offerings/products that don't, and developer agency is to pour energy into the platform that aligns with one's ethos.
If more money is to be made on a platform with a different ethos, perhaps it's worth reflection rather than rants.
Not that it excuses the withdrawal of user agency. But I've never used a banking app on my phone before. Anything important I still like to do on a desktop.
Though how much longer that's safe, who knows. Apple's model of requiring their permission to run code on your own device will probably spread to everything given enough time.
Much of the world uses mobile payment apps instead of credit or debit cards. Some banks allow a setting that using a card can require a ping to the banking app for verification of the transaction. I don’t know if it’s legal to turn down cash payments in Vietnam, but some vendors may only accept digital payments.
I guess you could take your laptop out at the restaurant and in the taxi to pay. It seems a little strange. You might better just use a browser on the smartphone instead of the mobile app.
I guess I take credit and debit cards for granted. Surely the rest of the world had some solution before smartphones, though. Hopefully the US doesn't descend into needlessly using the phone as a middleman as the norm.
When I used to work on the Vanguard authentication team, we blocked Vietnam from access because of too much fraud (not my choice). But it was funny because we had Vietnam based clients, so there were a couple HNW clients in the logs that you could see who would log in from Vietnam/Russia/Wherever, get blocked, open their vpn, then log in from England. This was a while back, but even then there was a push for things like yubikey, and hardware tokens, so its not surprising the wind is blowing in this direction of just hardware authenticated people. Financial companies are just constantly fighting fraud in a million ways.
I'd be really interested to know whether a significant amount of fraud and fraud attempts involve devices with root or non-stock operating systems.
This has always struck me as a matter of checkbox compliance rather than a commonly-exploited attack vector, though I'll grant that's partially because few people actually use such devices.
Intuitively I'd say no, there's no way it's a significant amount of fraud. Number one because, as you said, it's rare, but number two because you just don't need a rooted phone to scam someone. You can very easily scam people on perfectly legitimate phones and with perfectly legitimate apps.
Keyloggers would be considered a form of fraud, right? Customers can be protected by not allowing rooted phones which may contain malware and steal credentials, but then again Windows is a nightmare for security and nobody is banning banking from Windows.
Right, but you don't need a rooted phone to keylog someone. You can just ask their password over the phone, and people do, and it works. Or, you can install a plethora of perfectly legitimate remote access apps available on the play store.
I worked in fraud compliance architecture at a bank.. they didn't checkbox anything. They had a lot of gathered data and justification for the limits they enabled. I'm sure not every bank does it that way, but they weren't trying to limit legit customer access, and they pained at enforcing limitations like this.
Yeah I call bullshit. The number of people with rooted phones is going to be way less than 1%, and the number of those that are unsophisticated enough to fall for scams/malware is going to be miniscule.
This is pretty clearly a case of "oh there's an option here that says 'allow on rooted phones', do we want to allow that?" "No that sounds scary and risky! Of course not. We must not allow it."
The option is there, and nobody is going to try to sell not ticking it.
Devices that are easily rooted absolutely originate fraud. It's not like this is some wild claim. Look at how much financial fraud is driven by botnets running on old Windows PCs.
When I was running a home server as a kid, I IP-blocked the entire continent of Asia because I was constantly getting pings, portscans, HTTP path guesses, SSH auth attempts, etc randomly from there. Of course I secured my stuff to the best of my knowledge, but I still didn't want that harassment cause 1. who knows 2. could be ddos'd.
When finding help on how to do this, people were saying it's useless cause they can proxy/VPN anyway, but obviously that has some cost to them because they weren't doing that. So seeing how I had no legitimate traffic from there, it was an easy choice and cut out like 99% of abuse.
lol you should see how bad it is nowadays. Like 90% of my traffic is from SE Asia or germany trying to scrape my site. I blocked like a dozen countries because of it. Singapore itself is an insane amount of traffic for me.
Singapore could be due to being a common VPN exit node for within SE Asia? Close by and avoids the most common regional blacklists (and gov firewalls of course).
Oh yeah I remember adding my Yubikey to Vanguard as early as 2019! It felt amazingly modern compared to any other bank. I assume this is your or your team’s work. Thank you!
I’ve also had other banks do the same. They provided me with a debit card that supports international transactions but they did not allow logging in from most Asian countries. So I would log in from Asia, be blocked, turn on my VPN and log in from the U.S. to check the balance on my card.
I always thought Vanguard was behind the curve on these types of things. They don't even have support for TOTP from an authenticator, do they?
Separately, I couldn't even log onto their system this week from my desktop browser because of some bug. (Accessing from the US). It didn't recognize my username or password, let me change my password, then said it didn't recognize the new password.
This is likely part of the Vietnamese and Thai governments' rollout of biometric linking for bank accounts, similar to KYC regulations in the United States. The deadline for Vietnamese biometric linking was December 19th, 2025 [1].
The Vietnamese government has reported a rise in account takeovers and other banking thefts [2]. SIM-swapping has been a tactic used. Adding difficulty for fraudsters to trick unsophisticated banking customers is a valid security layer.
TOTP is pretty standard. Give the user backup codes and just use normal recovery methods. For most things that might be email. For a bank it's probably identity verification.
Partially, but it's also connected with the VNeID project [0]. The goal is by 2030 [1], all Vietnamese nationals and foreign visitors will have a digital biometric ID attached to themselves, and all services linked to said ID.
There's a trend of online banks forcing the use of an app. I can't login to one of my banks' website since last year without using a QR code from their app.
Of course they slathered the app with tracking, 'security', and analytics SDKs, so rooted devices are rejected. I had no way to log into this bank account after they made that change, which is simply wonderful.
Anyways, they're not yet at the point where they've learned to do the checks server-side. For now it's a one line patch to skip the root screen. But the Play Integrity API is designed correctly, if they learn to use it, there will be no workaround without someone finding a hardware vulnerability somewhere.
Depends on what country you're in. In the UK, the banks are often held liable for various scams that involve the transfer of money, so they up the security over and over again. A bank will rightly argue why it's responsible for an old granny sending her life savings to her new lover in Namibia, so it seeks to block that transaction in the first place.
Some of that liability is fair but most of it is the government telling the banks to account for the loss when someone is scammed. They are obviously going to mitigate that as much as they can.
Yep, hardware attestation is becomming more common, even with websites.
This is why LineageOS is actually dead in the water, even though they're "in talks with hardware vendors". It doesn't matter when people can't use the apps and services they need.
What app developers find most valuable is what other apps you use and what competitors apps you have so they can target you more effectively. If you have Peloton or Tonal, they want to know if you have the Strava app on your phone for example.
Only on older versions of Android. Apps are very locked down on what you can get. I would have loved to be able to fingerprint a device when i was at the challenger bank and application list is very good for fingerprinting.. We would fingerprint on the web to detect bots.
Normiefication. Normies do everything on their phones; it’s the companies meeting the masses where they are. I’ve seen people fight for their lives to do a spreadsheet on their phones when there’s a laptop they own gathering dust less than 50 feet away.
Possibly, but companies seem strangely set on getting people to install apps, even when the feedback is negative.
Offering a monetary reward for installing apps seems fairly common. Chevron had someone at my gas station offering something like $5 of free gas, plus $1 a gallon off of the next three purchases. If it was something the customers wanted, they wouldn't need to pay people to do it.
This term needs to catch on, this is the first I've seen it, bit it explains why so many prodict decisions are made and those who know better/different are just too small a minority to get any say.
We're dragged into this kicking and screaming and yet normies think we're the crazy ones.
This trend makes me want to find a small town credit union.
I chose my current bank because it was one of the few that had proper token based access for 3rd party integration. An overwhelming majority of banks were relying on a 3rd party holding your actual username/password and saying "trust me bro". I wasn't comfortable with that.
This is a very condescending toward Vietnamese tech people. According to Twitter/X, Vietnam’s GDP just surpassed Thailand and it’s on its way to joining the Great East Asian prosperity zone by becoming the last country to become fully industrialized and very rich. Many tech jobs in the US will move to Vietnam in the coming few years. You will be surprised where your future Tech conferences will be located.
Eventually though I suspect that web access to banks will be rescinded too, much like HMRC in the UK no longer permits companies to submit their taxes through the websites.
Don't like that. I'm of the "if you're going to do something important, do it on your PC" generation. I do not want a future where I lose my phone and I can no longer access my bank.
We need to act now, while there are still service providers that don't require a phone. If my bank said they wouldn't do business with me unless I used a phone and an app, I would immediately take my business and all my accounts to a different bank. Banks have no moat. You can pretty easily move accounts to a different one or to a credit union who won't abuse you.
They won't find a solution to your problem, when one is obvious: buy a phone.
They'll find a solution to their problem, which is you: apologize for losing you as a customer, and express a hope that you'll consider them again after you've bought a phone.
There can be laws like the right to have a bank account, that might say your bank can't require you to have anything they don't provide you with for free. In some places.
With HMRC, the reasoning is that this forces the company to have an accounting package. They don't care which, they just define the API. Not unreasonable. There are more issues with MTD IT (making tax digital, income tax) due to some detailed requirement decisions such as the need to report different income streams separately.
That seems to be the way the wind is blowing. Most new 'challengers' I've tried in the US either have no web access at all, or limited access that lets you view balance but not do things like transfers.
In the US, in my experience, young people don't want to deal with cash at all. Older people do, but it's not always convenient to meet up.
Most banks charge a fee for sending a wire. Sending an ACH is free, but most restrict that to your own account. Revolut is the only one I've seen that lets you just spam ACH to anyone. In both cases, it isn't instant.
Zelle largely fixes those issues, but has its own issues, like a lot of banks not supporting it and/or arbitrarily low send limits.
I don't understand either. My contact surface with my bank is so small. I log in once a month to download transactions. What is everyone doing that they need constant immediate access on their phones? I'd probably debank before buying a special iPhone to access a bank account.
Let me give you a preview of a world coming to you, and present day reality in Ireland:
1. Your employer pays your salary by bank transfer, which requires you to have a conventional bank account.
2. You then want to spend that money, how do you do that?
Debit card? You need the phone app to retrieve the PIN when the bank first sends you the card.
Cash withdrawals in the branch? For amounts less than €10,000, the staff will direct you to the ATMs in the branch. These require an activated debit card to withdraw money, and activating that card requires the phone app.
Manual money transfers in the branch? Once again, for amounts less than €10,000, the staff won't do it - they'll instead direct you to the PCs in the branch. These are just loading the same website you can access on yours, which will ask you to the confirm with a 2FA push notification to log in.
Try another bank? The legacy banks all got the same auditor who advised them that app based 2FA is the easiest way to implement PSD2, and reduce the likelihood they get held liable when customers get scammed, so they all implemented that as the only option. The neobanks of course, are accessed solely by apps.
I long ago decided never again to use anything but a credit union, and this makes me glad that credit unions tend not to ride the forefront of tech trends.
Would make a lot of sense for banks just to shut off online/mobile access and switch to in person only. That seems to be the way things are moving with KYC/AML and ensuring there is a material presence of the person in the banking jurisdiction in which they operate. Knowing the password / keys and providing a video 'proof of life' is no longer sufficient to presume you're dealing with the person you think you are and not just sold 'darks'.
I've heard 3rd hand of some banks already doing this in i.e. Armenia where a foreigner can come in and open account easily but they block any online access to lock the control of funds in country to make it harder for the FATF psychopaths to find fodder to clamp down on them.
It's already reality in my country, where you cannot access online banking for any banks except via their mobile applications, which (of course) refuse to work on anything rooted or running non-stock firmware.
Let me clarify my statement: one government agency’s election to use an app for a single purpose isn’t an indicator of much.
It’s not like the UK sent out a mandate to private banks or any other private industry on this issue. It’s also only one small country of hundreds.
I’d have to question this idea that this is how things “already look.” I can think of very few businesses that I interact with that force me to use an app.
This type of election to use an app by a government agency sets the tone, and more importantly tends to redefine "best practices." Would you want to be the one private entity known to not be using best practices? Would your risk officers or lawyers be OK with that decision?
Thai banks are required by regulation to have facial recognition when transferring over 50k THB in one transaction or cumulative in a day. I believe most banks have shutdown their internet banking as it's not worth it for the low number of users to implement web-based secure facial recognition that don't allow you to feed spoofed video input. One of the bank that I use will send a push notification to their mobile app for you to confirm the transaction.
I believe that previously internet banking, even before mobile banking, will limit the number of transfer recipients you can add per day/month. With the rise of QR payment I could see this limit being regularly hit if you scrape the web-based banking.
Since the Bank of Thailand claims that they technically don't block many things (mobile banking technical requirements seems to also require blocking root, but they never banned internet banking), I wish there's a new bank that try to disrupt the existing players. But the latest "branchless" banking license were only acquired by existing banking groups, so API-first personal banking remain impossible.
In Hungary, where the central bank created the same rule about not allowing banking apps on "unoffical" devices, they do, but you need either the app or SMS for 2FA. Apparently they consider SMS secure...
Maybe a tiny difference though is that a phone is moved all day long, with a lot of people around to mess with or pick it. Your laptop is a bit larger and your desktop .. well is behind your door. But yeah ultimately a bank should not rely on phone OS to have security.
TD Canada is forcing me to use their app. Every time I make an online transaction which to them is too large or fishy in some way, they make me login into the app on my phone to approve the transaction. That's the only way.
I assume the bank apps have functionality that their websites lack. Like being able to tap to pay for things, etc. Where a rooted phone might make fraud easier. If not, then this really makes no sense.
That's what a malware can do on a rooted phone, _once it gets root access_, but that doesn't mean a rooted phone is easier for malware to attack.
There's not even that many people using rooted phones, and many are tech savvy people that are generally a bit more careful, so even if a rooted phone gets infected by some malware chances are the malware won't even be written in such a way to try to obtain root permissions through the standard procedure and exploit it.
True. All internet packets are REST API packets - there's no other type of packet. And all cell radio traffic is internet packets (which are REST API packets).
yes. and the websites require you to verify transactions with (unrooted?) phone.
on the other hand phone does not require you to verify with your pc, so there's no second factor unless there is some unacessible secure island within the phone itself.
funny enough, you can probably use that website directly on the phone that you use as 2F, which probably circumvents the 2F idea (at least as long as you use SMS 2F instead of app that checks for root)
This isn't about the bank's security - it is about the users'.
Users are losing billions worldwide due to fraudulent apps. If a user has root and runs a malicious app, it can intercept what a legitimate banking app does. A scam app with root can draw over the screen and tell users to transfer money, or it can run a series of actions when the banking app is running, or do any of a hundred things to steal money.
Sure. But the people who are actually rooting their phones are advanced users and aren't going to install a malicious custom OS. Are naive users getting tricked into rooting their own phones? I'm dubious what the security benefit is of this decision.
These types of discussions on HN get confused because people aren't always clear what they mean by the word "rooting".
There are two ways to root a phone:
1. Unlock the bootloader, install a well designed and highly secure aftermarket OS, relock the bootloader. The device is still just as secure against malware as it was before. Remote attestation shows the vendor that you're running Graphene or Lineage or whatever.
2. Exploit a local vulnerability to drop a sudo binary somewhere. RA shows you're running an exploitable version of Pixel Android, etc.
(2) is absolutely exploitable by fraudsters. They convince the user to run an app or visit a website that exploits their browser or whatever, and the vulns are used to escalate to root and keep it. Now when the user logs into their banking app the HTTP requests are rewritten to command the bank to send money to the adversary. This is why devices that allow escalation to root are excluded via remote attestation.
(1) isn't but it requires more coordination than the industry has proven capable of so far. Binary images of a custom OS could in theory be whitelisted by banks if it was known to be as secure as other operating systems. But there's no forum in which that information can be exchanged. Like, RandOS turns up and the maintainer "xyzkid", identity: anime avatar, claims his OS is super secure. How does random overworked bank developer John Smith know if this is true or not? RandOS doesn't come with any audits, it doesn't have a well paid security team. The brand is a big question mark. And if John makes the wrong call, maybe the bank is now on the hook for millions in losses because someone installed RandOS to get the shiny icon theme or whatever, and then got hacked.
So it's a hard problem. It's not actually a technical problem. Remote attestation is very general. The hard part isn't the tech. It's a social problem. How do you create and rapidly communicate trust in a new binary OS image if you don't have the security resources of an Apple or a Google or a Samsung? Google runs a whole accreditation programme for Android where you can turn up as a phone OEM and get your custom OS builds considered to be secure by passing a huge test suite. So the only issue is OS hackers who fall below the threshold where they can do that.
There's an alternative of course: go full libertarian. Means, just use a "bank" that doesn't care if its users get hacked. This is what the Bitcoin community enabled. It's there if you want it.
I doubt banks or the government would ever white list something like Lineage that's not made by some megacorporation. Also IIRC most phones don't allow you to relock the bootloader after flashing a custom ROM.
>These types of discussions on HN get confused because people aren't always clear what they mean by the word "rooting".
Well it’s more the Dunning Krugerites who see the word “rooting” written by someone in a cyber context, lack that context entirely, and proceed to enter the discussion anyway based on their experience rooting their Android phone 3 years ago after clicking through a few UI buttons.
A rooted android device doesn't run apps as root either, not does it generally allow them to get root access without the user accepting a system prompt.
While they (mostly) have websites, a computer with root access is not sufficient by itself to access them. You also need to perform 2FA via push notification to a proprietary app on an Apple or Google approved device.
In some countries, it's already impossible to make online payments without the bank's phone app. Only a matter of time until all banking is restricted to phones.
Many people also use their bank's app for mobile NFC payments though (more of a thing in EU than US), which you can't easily do with a device that doesn't fit in your pocket.
Serious question, what is gained from this move? Why would a government care? Are rooted phones really that much of a problem?
Surely most people running a rooted phone are tech enthusiasts. Cybercriminals will just use regular phones bought under false names and dispose of them afterwards.
Are you implying there's a big percentage of people getting their money stolen because they rooted their phones? I'd like to see some data on that if so.
I don't know the reality, but my guess would be that it's the inverse of what you proposed; a significant portion of fraud cases identified by banks involved a rooted phone. From the defender's perspective, this could be a problem they run into over and over again, and take an outside place in their eyes.
Probably. I know a guy who roots phones for older people or friends parents, installs pirated games and such for them and making sure it is locked down in certain ways for the older generation.
In other words, the correlation is that older people are more likely to have a rooted phone and are more susceptible to fraud.
Dunno how widespread this is, just something to keep in mind.
I think the point is that phone apps are more secure than, for example, web apps.
Users that try to use mobile apps as if they were web apps, disabling location, and security features are just flagged by numerous security mechanisms.
Quite a contrast from the quote about civilization advancing in proportion to the size and scope of things it can achieve automatically.
Dug it up. Alfred Whitehead:
It is a profoundly erroneous truism, repeated by all copy books and by eminent people when they are making speeches, that we should cultivate the habit of thinking of what we are doing. The precise opposite is the case. Civilization advances by extending the number of important operations which we can perform without thinking about them.
Viet Nam is in the process of rolling out mandatory biometric identification and verification as part of the VNeID project [0], and mobile operators are in the process of rolling out identity stamping if mobile devices using VNeID [1]
Viet Nam is also an authoritarian state who's current leader (To Lam) spent his entire career in Viet Nam's KGB (MPS/BCA). Unlike Westerners, Vietnamese know the red lines - this is why I and my SO (much to her chagrin due to my insistence) never travel back to VN with my personal accounts or devices, and why we keep some friends of friends on speed dial.
I am not sure what you are saying with respect to red lines.
Vietnamese government will not arrest a tourist foreigner for talking bad about the party or about Ho Chi Minh, it would decimate their tourist bottom line. If you don't deal with drugs or actively don't organise against the party, you will be fine.
There is a growing surveillance (which you cited well) but mostly for locals.
edit: oh I misread, you are Viet Kieu, not a western tourist. OK yeah that makes some sense.
They gain credibility with overseas banks. Otherwise, the banks can just say "why do we need to support Vietnam? Too much fraud" and block access from Vietnam and VPNs.
I really don't understand this. My line of thinking is that if someone is technical enough to root his phone he understands the risks. Why would they force banking apps to detect and not work on rooted phones? Why would the government care so much?
It's not to protect the user; it's DRM. Using a non-rooted phone means all apps get DRM for free. You can't simply press 'record screen' when the software sets a flag; you can't view the data that the app processes about you or make backups thereof; you can't control what the device does such as skipping any checks. Fraud detection and CAPTCHAs rely on security through obscurity.
> if someone is technical enough to root his phone he understands the risks
You're looking at this from the user's perspective. Indeed, the narrative is "for your safety, you cannot export your security tokens from your device's storage" or "software that runs as root can bypass all permissions, an attacker might exploit that!", as though users can't make that choice themselves on purchased-to-own hardware. Dropping privileges (https://en.wikipedia.org/wiki/Privilege_separation) has been a thing since as long as I'm alive. Don't be fooled that this "protection" is for you :(
A phone given for repair by a non-technical person can be rooted without their knowledge. The repair person potentially can install malware. We cannot assume the owners of the rooted phone themselves have rooted the phone.
Practically, verified boot is hard to not have a "this phone has been tampered with" message on boot, the backups generated often have encrypted user data that is usually wiped on boot-loader unlock, you'd also need to unlock the phone or have the user give the pin over and most of the apps that implement root checking SDKs would prevent them from working.
I'm not saying its impossible but it is hard to do at present in a way where if I came and picked up my phone again, I'd not know something happened to it.
The only ways I know to take a full backup of an Android device require it to already be at least bootloader unlocked. There are unprivileged ways to take backups, but they don't work for all apps.
I think it has more to do with the phone being tied to an individual, the banking and spending activities being tied to the phone, and the government having some hardware attestation about how people are spending their money and with whom. If you root a phone, you can change things like the MAC addresses. You may be able to futz with a softSIM/eSIM. That makes you harder to track.
I don't think this is actually happening. There is an enormous loss to scams mostly by tech illiterate people using the preinstalled operating system. I don't think the losses that involve user installed OSes are in any way significant.
It's a reliable signal for fraud. The legitimate users are simply noise against this backdrop. The police only think in one direction and never consider the broader consequences of their enforcement perogatives.
"detect unauthorized interference with the Mobile Banking application"
I wonder if this has become a feasible avenue for scammers to interfere via other apps they could convince someone to install on rooted phones. Or if they are worried about skilled people being able to debug/MITM and find vulnerabilities on the banks.
Though from that statement alone, sounds more of a measure to protect banks than customers.
Somewhat. The most popular banks are SOEs owned by ministries, but private sector banks that are local (eg. SCB) or foriegn like Shinhan or HSBC, along with private sector fintech is booming.
> My line of thinking is that if someone is technical enough to root his phone he understands the risks.
Kinda like the Wall Street concepts of "Accredited" and "Sophisticated" investors - who could never possibly fall for a Ponzi scammer like https://en.wikipedia.org/wiki/Bernie_Madoff ?
Not to say I'm a fan of Vietnam, or familiar with their ban - but when people are having their money stolen at scale, there's a very strong tendency to blame the gov't and/or financial system. And it's extremely rare for stolen-at-scale funds to not be "reinvested" in further criminal activities - which again, the gov't is expected to deal with.
A rooted phone is more capable of modifying the banking app itself and has 'freer reign' over the APIs that the app uses to interact with the bank.
Whereas previously the app displays a 'whitelisted' set of UI options to the user, the rooted user could use employee only methods. Somewhere or other every bank has methods that set balances on accounts.
To be honest a law like this makes security by the extremely modest obscurity of not having an "increase your balance" button on the app UI much more tempting.
1. Incompetence. The same reason why many banks al around the world do this without regulations. Some snake oil salesman sold them a security theater SDK or library that blocks user installed or modified OSes.
2. Government control and surveillance. Vietnam is authoritarian. It only makes sense for them to participate in the global war against general purpose computing to gain complete control over their citizens' devices allowing them to restrict software, displayed content and communication to require government approval and enable total surveillance of all activity without any way to bypass this. Instead of outlawing user controlled general purpose computing directly they do it through the backdoor of pretending that it is for people's own safety.
Unfortunately the answer here is to not abide by the law. If there is a reasonable way to bypass this (as the cat-and-mouse game always seems to continue), and there is reasonable expectation to not be caught, then I see no moral quandary with ignoring such a consumer-hostile rule.
I'm not a security researcher, but I do believe in the ingenuity of others. If all else fails, this kind of law in my own country would lead me to running apps within a virtualised environment (if possible), or a dedicated cheap device in a drawer with my actual device still being mine.
This kind of checks would prevent you from running the app in virtualized environments too. You'll need the cheap device, assuming it doesn't get too old or its keys get leaked and your device also gets distrusted as a consequence.
You're claiming that the only legitimate use of rooting is criminal activity, which is not true. Your argument is based on a faulty premise in my eyes.
are you for real? no, its the government telling regular people that simply wants to control their device that THEY are criminals and on same side as intruders.
You should personally immediately return any computing device where you have control, this line of reasoning is insane
So what's the mechanism here? I did not find any sort of api like isPhoneRooted() But also, I did not look very hard.
I am probably missing something obvious(some sort of tpm key attestation) but it feels like it would be impossible task. I mean, theoretically higher layers can check that lower layers have the correct signed checksums, but they need to use the lower layer to do it and the lower layer could just lie to them. (if isSystemFile(f_name) then return originalFile(f_name); or provide a virtual tpm).
The Vietnamese government has mandated all banking apps to detect if either the phone has been rooted, the bootloader has been unlocked, or ADB is enabled and force quit if that's the case.
As a person who was super into the rooting scene before getting iPhone-pilled in 2018 or so, I can see both sides to this issue.
On one hand, people that jump through the crazy hoops phone manufacthrers put up to get root are either technically-proficient or willing to become so and are, usually, responsible enough to keep their devices locked down and secure.
On the other hand, banks are subjected to literally all of the regulations, and breaking any of them usually incurs unbelieveable fines. Given that phones are the default computing device for most people these days and how (relatively) easily secrets can be extracted from rooted devices, blanket-banning them makes a lot of sense.
Nonetheless, modern Android is just as locked down as modern iOS, with a few exceptions (like adb access) and without the awesome hardware and software optimizations for that hardware that make video recording fast and web browsing even faster. Between this and nobody having a real answer to Apple Watch, I'll be an iOS stan for the foreseeable future.
I have a Vietnam bank account tho I live in the States now. I recently enabled developer mode in my Android phone, didn't think much of it. But later when I open my mobile banking app it told me to disable developer mode in order to open the app.
If the banking apps have a Terms of Service, you are free not to use the banking app.
To give a specific example, suppose a banking app wants to require location services in order to try to login. Some users can bypass or spoof this, (in fact that's what the thread is about entirely, and for that they root the phones.
Not all users who root the phones violate ToS, but it's a majority, or even a possibility, so they choose to disallow such usage.
where exactly do you work with this agenda and reasoning? thats insane? banks have been more or less made mandatory by the regimes around the world, and now these things. How can anyone possibly consider it sensible?
India doesn’t have a single “govt ban rooted phones from banking apps” rule, but RBI’s digital payment security controls explicitly allow banks to block mobile apps on rooted/jailbroken devices, and many do. Combine that with device+SIM binding requirements and platform attestation (e.g., Play Integrity), and the practical result is often “no banking/UPI on rooted phones.”
Not only that, Android apps want full access to contacts and SMS but at the same iOS apps don't require those permissions. So it was never really a matter of security. This is all security theater from bootlickers
There are a million legitimate reasons to root a phone (e.g. preserving the battery to minimize e-waste, blocking malicious trackers often allowed by Apple and Google, innovating on the UI, etc.). Apple/Google/Microsoft are run by uninspired, uncreative, and immoral people, and there is a world of innovation and forward thinking we lose out on by letting them rule our tech.
There's no laws banning this in any European countries that I'm aware of, except maybe Hungary? It's just banks being stupid, consumer-hostile, and anti-competitive.
Well, I've built a bunch of mobile banking apps and we did detect if the phone was rooted, was in dev mode, etc. and it is not because we were "stupid, consumer-hostile, and anti-competitive".
If someone steals the secrets from a rooted phone and steals customer's money the bank is on the hook, so banks do everything they can to minimize this risk.
There is no way to store customer's secrets in a PC browser securely, so all the "dangerous" transactions were outright prohibited in the web app or made available only via temporary QR login.
All this is just is a negative side effect of customer protection laws.
These practices are strengthening the Google/Apple hegemony and are ultimately damaging user freedoms and consumer protections. I'm sure that's not your employer's intention, but it is a negative thing that they're contributing to. And because of how essential banking is, banks have a big thumb on this particular scale, and I wish they'd use it for good rathet than for enriching and entrenching evil.
> If someone steals the secrets from a rooted phone and steals customer's money the bank is on the hook, so banks do everything they can to minimize this risk.
Now that's just not true now, is it? Sure the lawyers told you that (the ones that get paid to tell you that), but nowhere in EU was a bank actually fined for not root checking a device.
They were plenty fined by being utterly incompetent with security practices and doing them poorly - like trying to inject wierd .SOs to do the root detection you're defending.
"Payment service providers (PSPs) operating in the EU will have to cover customers’ losses from fraud if their fraud protection regimes are inadequate or poorly implemented under new EU rules."
No bank got fined for not root checking, correct. However banks are on the hook for unauthorized transactions. And "unauthorized" means different thing in different countries.
In some jurisdictions if bank can prove that transaction was made with customer's key then customer can not demand their money back. That's the best case, but there are only few of such jurisdictions and even there the burden of proof is on the bank and it costs a lot.
In other jurisdictions bank must reverse a transaction even if it was proven that the transaction was signed with a legitimate key, but the key _may_ have been stolen.
In some jurisdictions (i.e U.S.) banks are required to reverse a transaction at a customer’s request, even if the customer does not dispute having made the transaction.
In any case dealing with all this is too expensive and risky.
Practically impossible to store secrets in a desktop app too.
Besides, customers would not willing to install a desktop app. And those who would, will require support.
And surprisingly I can pay securely using my PC, fully rooted, on FOSS software. Hardware tokens have been a thing for decades. There are more second (or third) factor authentication and signing solutions than I can enumerate.
Do peope get defrauded using online banking? Sure. But usually not in a way that would be stopped by secure attestation.
Is this yet more evidence of how utterly broken US banks are? Assuming you are referring to US banks.
For the past 20 or so years, every bank I've been with in Belgium has provided me with one of three types of hardware token:
1. An OTP token that's just a screen that displays a new 6 digit token every couple of seconds (haven't seen one of these in a few years now). This was used to supplement username/password on login and to verify every bank transfer.
2. A token with a screen and a display, which generates OTPs based on input. E.g. for a payment the bank would tell me to enter the amount + the last N digits of the bank account, the token then generates an OTP, which I can use to confirm the payment. That's what 2 of my 3 banks currently use. They have separate modes for logging in, for signing bank transfers, for signing 3D Secure online payments, etc.
3. A card reader where where I just slot in my card. I can then log in or sign payments using the card's chip & pin. This is what my third bank uses. There are a couple of variants on this, such as models which connect with USB and models which can read QR codes from your screen so you don't have to tap in anything except for your PIN.
Problem is that banks place a lot of trust on a locked-down phone and I have a hard time trusting a blackbox device I don't really own but only paid for.
That's the reason I mostly use online banking on the web, not on a device.
If it ever comes to that in my country I can also use my previous, unrooted backup phone to host these apps and keep it at home.
I'm not at all thrilled of the idea of carrying your credentials to your bank account on your phone, accessible via a 4-digit PIN out there in the world in the first place. For some reason, banks think it's great.
Could we have the same level of security - or very close to it - from requiring a secure enclave like a vm running on the device for banking apps with hardware passthrough, or would there be no way for that vm to verify it has actual hardware passthrough and that it's not being tampered with?
That way you would just get the entire vm with the app from the Play Store or Apple, and nobody needs to worry about root?
I get the general skepticism and how this gives anti freedom vibes, but wouldn't this also prevent some actual rootkit like sideloaded apps stealing credentials?
Not deep into rooting scene but seems plausible to me that this has some merit if you squint at it from the right angle
Trusted agents are useful. And I'm using legal meanings, not technical meanings here - so a "trusted agent" is someone or something that is legally acting on your behalf, to perform actions as though you were performing them.
The whole fucking promise of "general purpose computing" is that citizens should be able to delegate repetitive and tedious tasks to a computer. And they should have the full freedom to pick both which tasks are delegated, as well as which agent (program) is performing them.
Instead - what we're seeing is that companies are closing off as many avenues of automation for the average citizen as possible, under the guise of security.
The problem is that selecting a neutral (trusted!) agent is really, REALLY important, and companies are absolutely not neutral. They don't want the best results for "average Joe customer", they want the best results for themselves: the company.
They will make decisions that are contrary to your best interests all the time. They have exactly zero fiduciary duty to you, and boy do they know it.
In a decent world - in a decent CAPITALIST SOCIETY (which we can already debate the decency of in the first place) you allow space in the market for modification. Ex - don't like your desk? Change it. Don't like your car radio? Change it. Don't like that tool handle? Change it. Pick a different one, even one from a totally different company. Replace it.
This allows new ideas, new growth, and prevents stagnation.
In the digital world... there are a few companies that are trying as hard as possible to prevent you from being able to change anything.
---
Want a new browser? Fuck you.
Want a different UI for your banking needs? Fuck you.
Want to watch something without the ads? Fuck you.
Want to watch something with the ads, but in a less miserable ui? Fuck you too.
Want to automate something? Fuck you.
Want to export your data? Fuck you.
Want to sell software without us taking our rent money? Fuck you.
Want to shop in a different store? Fuck you.
Can't be letting our users make decisions that might cost us money.
---
So we're seeing an absolutely insane number of "digital locks" being employed not to protect users. No - instead they're getting deployed to protect revenue at the expense of users.
The only possible outcome is that service quality degrades to the point where you literally are better off without. Because that's what happens to incentives when you let companies operate in this manner.
If the consumer has no choice - the market has no power, and what little value there is in capitalism goes right into the trash bin.
So sure - if you squint, this maybe prevents someone from making a bad decision on which agent they trust.
But the problem is that now they HAVE to trust an agent they know is going to make bad decisions for them. Hope you like the biggest ad company in the world owning you digitally... Serfdom here we come.
I get what you're saying about general purpose computing. I do a bunch of selfhosting flavoured stuff so we're on the same wavelength in a way.
...but I don't think that's the lens legislators look through here. I think it's more like "Last week and upset constituent lost all their savings". This politician cares more about protecting gullible constituent than a hypothetical stallman-esque freedom argument.
Not saying I agree, but rather that I can see why a politician might land on that conclusion
In the given scenario though it's less likely such a user would be using a rooted or replacement OS. It's an involved process to do this in the first place.
Ie: the much larger percent of users affected by this news would already be more technically savvy and one would assume be less susceptible to known scams.
To your parent point though, sideloading apps per se OTOH is something most Android installs can do without rooting or a replacement OS. Google is already rolling out developer verification requirements for sideloaded apps on GMS Android installs (most devices) to mitigate impact of malicious apps, so there is already action being taken for regular users.
One could imagine other reasons Vietnam may want to dissuade more tech savvy users from running AOSP-based installs (such as GrapheneOS, which is known to be robust against Cellebrite) and using banking is a decent place to start.
Apple is already a walled garden, granting you only access to your hardware and they see fit.
Google desperately wants to follow suit by enforcing developer registration (which is just the first step).
And now this. This is will happen in the EU and US as well.
And always in the name of security, safety, or "will nobody think of the children?!"
1. Don't people on HN realize Vietnam is a single party authoritarian state with a very active secret police (MPS/BCA)?
2. Vietnam has been in the process of rolling out national biometric identification for years now as part of the VNeID [0] project, and unifying that with banking and mobile phone identification is an important part of that such as with the recent FPT Telecom announcement [1]. The aim is to turn VNeID into a super-app by 2030 [2], and from what I've seen in rural areas of the Central Highlands, it's on track.
Google is to blame, they're abusing device security by preloading their unremovable spyware with elevated privileges.. people then want to remove it but then find themselves unable to use banking apps because of this.
I'm not against having a separate secure phone to use with banking apps, but that phone must be designed for security, not for Google's ad driven business model..
I'm not a fan of Apple, but I have to admit they're less intrusive when it comes to unremovable unwanted software (it's less open for those making software though).
I wish we didn't have to choose between Google and Apple, especially here in Europe where we can be sactioned by the US for doing our job..
One more reason for phones to be modularized. Separate the comms from the (owner-controlled) computer module until needed. Use different CPU module when needed. Swap out battery module.
Why can't rooted phones pretend to be non-rooted phones for the purpose of certain apps? What's the point of rooting if you can't even selectively pretend?
Because root is not the ultimate authority of what goes on in the phone; the hardware is, and the hardware contains a TPM (Treacherous Platform Module). The TPM has secret cryptographic keys it never shares with anyone, neither root nor an unrooted OS. When the phone starts, the TPM checks if the OS has been modified from what the manufacturer supplies or not.
The bank's app can then ask the OS to sign documents using the TPM's secret keys, and the OS forwards such requests to the TPM. The TPM refuses such requests from modified OS but obliges requests from an unmodified OS. The bank's servers refuse to accept documents not signed by the TPM.
Root can't pretend to be a TPM and make up some secret keys to sign documents with because the TPM's signature is itself signed by Google, so the bank can tell the difference between root's signature and a treacherous signature.
If this pretending works 100%, then a malware can use that technique to pretend that the phone is secure, to trick you into using your bank app and steal your money anyway.
I also prefer to own my device and be root on it, while installing all the "pretend I'm non-rooted" functionality on it, I did think "this is basically installing a rootkit to tell the OS 'yes, I'm clean!'.". Then my bank (fuck them very much) decided to add a check for a locked bootloader and refused to work without it. I suppose maybe there's a way for the "rootkit" to lie and say "Yes the bootloader is locked!"?
I didn't read all the comments, but it seems to have been lost that it's a fight between freedom (allowing people to "own" their devices) and protecting the general public from harm (being scammed and losing all their money). We also have to give up some freedoms, eg. we are forced to wear helmets or seatbelts as participants of traffic, to ensure a better protection.
This is what will happen sooner or later. One cheap, non-rooted, Googled Android phone at home for 2FA and other official nonsense, powered off when not in use.
All other business, including personal communications, conducted on a GrapheneOS device. These days you don't even need a phone number for your everyday device, a data-only roaming plan like silent.link is enough. This is not yet necessary in the U.S., but we are dangerously close.
Easier said than done. You have to maintain two phones then (updates, keeping charged). You don't want to carry two phones around. Also you have to have two SIM cards/telephone numbers which costs money.
don’t need sim card on second one
it is even more secure that way
it is very common to have different phones for people who work with money transfers (including crypto)
You jest, but an actual "digital wallet" device is something I'd quite like to see. Something that's actually secure (like not running an ancient android version that never sees security updates). That only deals with money, without any garbage running on it. That displays and verifies the amount before processing any contactless payments. That supports multiple banks, multiple bank accounts, multiple payment cards etc.
I utterly detest the idea of having to use a phone for anything that I'd like to be secure. I browse Reddig on that thing. I watch porn on that thing, I don't want my porn anywhere near my bank account.
That sounds like a utopia we've passed by on our way here. Maybe it's possible to make such a dedicated hardware device when the digital wallet becomes available for a (mobile) linux distribution or a degoogled android. Let's see when the phone manufacturers think that's a good idea to lobby for
I'm cynical about the whole digital wallet idea because of this. Not that it's not useful, but it's tying your mobile surveillance unit and browser history to an identity on hardware that you are not meant to control
The other more compelling reason why people would have a rooted phone is to run ROMs that may still be providing OS support where the stock OS has been abandoned or EOL'd by the developer.
Having an unlocked bootloader at the minimum would be required in those scenarios. It actually saves hardware that still works from ending up in landfills.
I have a cache of old devices, largely the freebies Google gave out at I/O in the early days of Android. Was prepping them to sell last week and saw most are running Cyanogen (the first big community Android fork). Even then, root was a popular way to gain more functionality and add features that haven't been released for a device.
Incidentally, if anyone wants some collector's edition Google/Android devices...
> Incidentally, if anyone wants some collector's edition Google/Android devices...
Please get in touch with the postmarketOS folks, since any phone old enough to be running CyanogenMod proper is most likely not supported there yet. (It would be super nice to even have a proper list of all devices where old CyanogenMod was officially supported at some point, with device specs for each. We're lacking even that at present because the transition from the CyanogenMod name to LineageOS was so messy.)
Of course, the combination of extremely limited hardware specs (512MB RAM + 512MB built-in storage was a common spec), old ARM32 SoCs and the ongoing 3G/2G mobile network phaseout means that many such devices will only really be useful as glorified palmtops or for even more minimal uses. But it might be worth experimenting with nonetheless.
Don't mess with Vietnam please. My phone's CSC is set to Vietnam to enable call recording. I love that feature but I don't want to lose my banking apps.
The fact it’s the government who cares suggests whose interests the law is serving. Viet Nam is a pretty authoritarian country right now, and it loves the ability to track the activities of citizens.
Of course if you have root, you can make other programs work as you please.
They need to go further to outlaw hide root apps, and then install special app to track the status of the phone to make sure it is not rooted. Then allow police to randomly check the presence of this app on people phones. Every phone needs to be registered and pass hardware inspection every year. Even better, make so called offices where people can come and deposit or transfer money, it will be super safe.
They won't need to do that. Once Google Play Integrity starts using remotely provisioned keys in a few years it will be impossible to hide root without exploiting a hardware or firmware vulnerability.
Government banning insecure open standards and then not providing a secure open standard is atrocious. If I must have an official authorizing thing to prove I'm who I say I am, make it as small as possible.
If you mandated that they have to support Yubikey or whatever on open platforms I'd take that as a decent alternative. But just "no you must use a device controlled by somebody else" is not acceptable.
YAS!! The option is to provision an key from a server tied to a national id and downloadable only to specific device. BUT NO!!! Just ban things instead of doing the right thing!
Smart phones are not personal computers. They're shopping/government/etc terminals. You don't and never have controlled them, even with root (re: tight integration of the baseband computer which only the telco has a license for, not you). Their best use re: computing is acting as wifi hotspot for their cell telco CNAT connection. The time to stop using them as computers is now, not when your local government passes these laws. Apple is already forcing it and Google has shown it's cards even if walked it back temporarily.
You don't own your PC either. All modern PCs have a Trusted Platform Module that the authorities can and will use to lock down PCs eventually. Multiplayer games are already using hardware attestation on PC for anti-cheat.
you are right, but you are misplacing the blame. it's not that you dont own your phone, it's that you dont own your bank account and the bank can dictate how you access it
I see your point and it's valid in this context. But both ends of non-ownership contribute. One doesn't own the smartphone and one doesn't own the bank account.
The National Credit Union Federation of Korea (NACUFOK) represents over 800 member-owned unions (https://www.cu.co.kr/english/main.do), and then there is the even larger Saemaul Geumgo (MG) network which operates as community credit cooperatives with millions of members. These people ostensibly own their "bank" accounts.
Now, we're locking people out of society for having the audacity of wanting to decide what gets run and not run on their computers?
Kinda weird, if you think about it. But that seems to be the way it's heading.
No, the much more secure while at the same time liberty-preserving way to do this are heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Like the ones practically every bank customer already has in their wallet, and for which most phones have a built-in reader these days... The only thing missing is a secure input and output channel, like a small built-in display and a button or biometric input.
In any case, I somewhat empathize with banks in that they want to ensure that my transaction confirmation device is not compromised, but getting to dictate what software does and doesn't run on my own hardware outside of maybe a narrow sandbox needed to do that is a no-go.
That is one of the reasons the crypto market is behaving like some radical innovation instead of just a group of bozos speedrunning financial history. For the first time since the invention of capital we have an asset class where it doesn't take the cooperation of a group of armed thugs to guarantee the integrity of the system.
It's not money-preserving though. You need an extra device, and an extra phone number. The separate phone number is another privacy-preserving feature though.
A cheap Android phone is pretty much the opposite of a Yubikey, in terms of trusted computing base and attack surface.
My favorite, basic example is this: I'd like to create my own basic widget showing me my account balance on my phone's home screen. Doesn't have to be real-time, but accurate to +/- few minutes to what the bank app would say when I opened it. It has to be completely non-interactive - no me clicking to confirm, no reauthorizing every query or every couple hours. Just a simple piece of text, showing one number.
As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
It should not be that way. This is a basic piece of information I'm entitled to - one that I can get, but the banks decided I need to do it interactively, which severely limits the utility.
This is my litmus test. Until that can be done easily, I see the other side (banks, in cooperation with platform vendors) overreaching and controlling more than they should.
The point of the exercise isn't to just see the number occasionally; I can (begrudgingly) do that from the app. The difference here is that having the number means I can use it downstream. Instead of a widget on the phone screen, I could have it shown on a LED panel in my home office or kitchen[0], or Home Assistant dashboard. Or I could have a cron job automatically feeding it to my budgeting spreadsheet every 6 hours. Or I could have an LLM[1] remind me I've spent too much this week, or automatically order a pizza on Saturday evening but only if I'm not below a certain threshold. Or...
Endless realistic, highly individual applications, of a single basic number. The whole point of general-purpose computing empowering individuals. If only I could get that single number out.
--
[0] - Why would I want that is besides the point.
[1] - E.g. via Home Assistant.
Much like I expect my employer to provide me hardware, and that hardware is used exclusively for work.
I shouldn't have to spend my own money on another device, nor should they be asserting their desires for control onto my own devices.
Otherwise, they just get to be OK with offering me a website or letting me transact with them on my own device that's under my own control without stipulations like requiring attestation, or prohibiting root.
The point is, governments nor banks or other private entities, should be getting to dictate what can and cannot be done on someone's computing device.
Just "a phone" with a bad update policy is $100.
A country that is a dictatorship - I can understand why their slaves have to go through this. I fail to see why a true democracy would do this though. There is zero need to be required to have a smartphone; all those transactions work perfectly fine on a desktop computer system too, under Linux. People then may have a second device at home, some card reader and/or a thing such as Yubiko or something like that. IMO not even this should be required, but to mandate an app that would not be permissive under Linux - that is true dictatorship. I am surprised the government of Vietnam went that way.
(From the kernel-level anti-cheat discussion the other day)
Maybe in US. In Vietnam, $300 is the average monthly salary, and the minimum wage is around $150. Probably the majority of people don't have a primary phone worth more than $300.
Of course in Canada we have a banking oligopoly that is effectively there just to rob people, but ironically any of the “challenger” startup banks are 100% app based afaik
I did install app from CIBC for one single and the only purpose - deposit cheques sent to me by clients to my business account without having to go to ATM or the bank teller.
Anything remotely more advanced than that, please let me use my computer and an app or website with, you know, an interface designed for more advanced operations.
Trying to do anything on a smartphone/touchscreen only device is nothing but an effort in pure frustration for me.
Piracy isn’t merely a virtue, but a moral imperative, an obligation to uphold civic freedom.
It is immoral not to pirate. It is everyone’s duty to do their part in normalizing and encouraging piracy.
The problem here isn't the money, it's the lack of privacy and control.
The best analog I can think of to piracy in this situation would be rooting the phone/installing GrapheneOS. And, yeah, that's definitely something people should do if they want that control, but I really hope people don't put it in the same category as piracy...
See also this article from Cory Doctorow:
https://pluralistic.net/2026/01/01/39c3/
How many companies even produce these controllers?
But that weak ass crime, that we like to call pirating in order to appear cool, No, that is not theft at all.
No need for the scare quotes. Forcefully removing people's agency over themselves is pretty much the definition of evil. We do not hurt criminals as punishment anymore, in the civilized age, but we still lock them up.
Now, of course we should not equate physical prisons and digital prisons in any other way, but we should absolutely call both forms of imprisonment evil, plain and simple.
Through the 00s, Apple practically built their reputation on being "virus-free" which really just meant they locked out the user from being able to do anything too extreme.
I do not know whether Vietnam has any pretence of digital sovereignty, but many countries that do are doing this like this to actively move away from it.
The real irony here is the use of free software to tear down everything the free software movement stood for.
I really hope we can convince enough people to care about general computing.
In fact this is what led me to unlocking the bootloader, swapping the OS and rooting my phone. The infuriating situation where if you setup so called "corporate owner" (or mdm) during the first login you can add your own certificates, but if you don't... Basically the "corporate owner" of your phone is Google.
Yes, literally, you do not own it.
Also it is worth noting certain countries where "rooting/bootloader unlocking is illegal" - namely China and the horrible stupidity of people claiming EU Gdpr prevents manufacturers from offering simple bootloader unlocks for their phones.
We absolutely need to vote with our walkers. I bought a Samsung before and a Xiaomi recently only because both allow relatively simple unlock (ok the Xiaomi requires you to wait to press "request unlock" exactly at midnight Beijing time", and it only works for non-Chinese phones, but still unlocks fine.
It is better for the vast majority of people that they don't have root access to their PC or phone or tablet because they are unequipped to securely manage that AND it has basically zero upside for them. They can't manage updates. They install random programs from the Internet to get smiley faces in Outlook.
This may offend your sensibilities. Sorry. But you're living in a fantasy land if you still hold onto this narrative, particularly without explaining to ordinary people how this will practically benefit them beyond theoretical platitudes about "freedom".
Yes, absolutely, most people would be better off not having that control and most of those people are also fine with not having it.
But everyone, for better or worse, has the right to demand that control if they want it.
App sandboxing and system file integrity is one of the most beneficial security features of modern computing, and the vast majority of people have no desire to turn it off. You can buy rootable phones. People overwhelmingly choose iPhones instead.
Even if Apple sold the SRD at scale, nobody would buy the weird insecure hacker iPhone except us and maybe kids who realllly want Fortnite.
There was never going to be anything preventing non-technical folks from buying iPhones. They can and should have what they like.
Why should there be a law that forces that same compromise onto anyone who can only afford a single device and needs to use it to access their bank?
If there is a series of buttons you can press to circumvent the anti-scam measures, then the scammers simply walk you through pressing those buttons. If you cover them in giant warning labels the scammers simply add explanations into their patter. The buttons must physically not exist, for gullible people to not get scammed out of money.
The next response will be 'well maybe we shouldn't accommodate them'. They vote, and there's more of them than you.
No, only when you don't do this and nothing else to improve security. You're presenting a false dichotomy.
> If there is a series of buttons you can press to circumvent the anti-scam measures, then the scammers simply walk you through pressing those buttons.
If the scammers can walk somebody through doing all that, why would they stop at just asking them to send money over to them "to safekeep it because of a compromised account" or whatever the social engineering scheme of the week is?
I don't care. Society doesn't exist to keep people safe from their own bad decisions.
Regardless, it isn’t a law that you have to buy an iPhone.
Bullshit. Big tech's war on general purpose computing hasn't stopped scam. It's a pretext for rent seeking and control and you know it. It's the reason we don't have a popular ecosystem of FOSS alternatives on mobile. It's the reason we can't run virtual machines on tablets when the hardware very much can.
If combating scam is a priority of big tech, I know where to start. Get rid of ads! That would actually be enormously effective as it gets rid of the primary entry point of scams.
> If there is a series of buttons you can press to circumvent the anti-scam measures
So the best you can come up with is an imaginary button on phones that can magically circumvent checks that should be implemented server-side? Have you any idea how software works?
We shouldn't be protecting someone that gullible at the expense of everyone else who is smart enough to actually read whats on the screen and not fall for such simple scams.
Not that long ago most of this forum was very much against giving up freedoms in favor of catering to the lowest common denominator. What happened?
People need to take responsibility for their own actions and educate themselves, not rely on a lack of freedom to protect them.
My uncle, an engineer, was scammed out of his life savings last year. He was a smart guy, he just got older.
The average user simply does not have the skill to determine real from fake and any heuristics to do so will be defeated by the scammers. You have to be able to understand what could be done with access, not what's "intended" with the access.
You can have sandboxing and system integrity while still giving the user overrides. But hey this is not Google and Apple's business model because it makes you less dependent on them. And it interferes with their sweet 30% rent-seeking app stores.
Mobile security works this way not because it's best for us but because it's best for making them money.
> You can buy rootable phones.
Eh yeah but the problem is of course being locked out of apps if you actually root it.
I don't want Google or Apple to decide what I can do with my phone. Or the government like in this case. This also opens the door for evil spyware like chatcontrol in europe. Even today they are trying to enforce a backdoor into whatsapp to block "harmful content" which is of course impossible without breaking or circumventing the E2E on-device.
> People overwhelmingly choose iPhones instead.
Maybe in America, not here in Spain. I guess not in Vietnam either.
How? What kind of overrides? You mean that Safetynet could still report attestations?
I have no idea how it works, but doesn't it require a chain of trust, starting from a known boot image, then every process that can write to arbitrary memory needs to be a known image? (And even that might not be enough if there are ways to dynamically exploit them.)
I don't believe in remote attestation anyway. It didn't even say the service is secure. It just proves it's as released by Google. But security doesn't have to rely on a big brother checking things for you. You can have security without it.
In those systems, it won't boot without a good signature, so the user is protected against attacks that break the user's chosen chain of trust.
Remote attestation of consumer devices, e.g. Safetynet is evil.
I think this is wishful thinking, and the most experienced organizations in the world in this field agree with me. You can’t square this circle.
We can pretend that these two things can coexist, but they cannot. Where there are overrides, there are youtube tutorials on how to disable the overrides to install malicious botnet vpn surveillance proxy apps to get free robux. (to borrow a turn of phrase from @ptacek iirc)
If you give users an escape hatch, they will get malware in ring 0 and Apple Pay will stop being a thing because people’s cards will start getting remotely skimmed at scale. (Or Amazon will give you 1.5% off all purchases to install a rootkit that uploads your complete realtime cc nfc purchase boop history and email receipts and location track so they can figure out which businesses to clone/dump on next.)
If you say “…but not the SEP” then you’re just admitting that you need a part of the phone the user does not and cannot control. Most users care about the privacy of their nudes and sexts so they’d rather it be the whole damn phone.
Did we forget that even the not-full-scale escape hatch that was enterprise app certs was abused by Meta (then Facebook) to install surveillance VPN backdoors on customer phones at scale? Apple didn’t even know bc they were sideloading them via enterprise certs and when they found out they revoked them across the board, but by then thousands of people had had 100% of their phone’s network traffic surveilled by an ad company without consent.
Got it.
And remember the consequences when Apple starts scanning all your photos and sends a SWAT team to arrest a father who took a picture of his son's rash and sent it to a doctor, because surely he was engaging in child abuse.
I rather have Meta steal info of the 100mln idiots that install their root kits on their devices than have Apple and Google do the same for Billions (with a B) to protect from the former.
Further, the people promulgating this sort of solution know this. The evil is that they are wittingly using a problem as the excuse and the cover to get something else they want which they would otherwise never get and have no right to.
For everyone who is doing this knowingly, there are countless other sincere but unwitting tools haplessly just buying the line sold to them. So you might be able to say you are not evil for supporting this kind of policy, but all that means is that you are either a witting or unwitting tool of the evil policy.
"Rapes happen behind closed doors, therefore we have to remove all doors. No one denies that rape happens and that it's a bad thing. And it's irrerfutable that without doors that close, no one would be able to get away with a rape. And so, the only grown-up thing to do is agree to give up doors that close. It's not an evil at all."
This is kind of a shitty compromise, the second you leave a tiny crack open in the security, maybe through root access, maybe some better sideloading, somehow people WILL be tricked into installing malware, and it baffles me...
I've seen it happen multiple times with my older (and younger, though less often) relatives and acquaintances, I'm really not sure how like a solid 5 dialogs that scream at them with sayings like "do not do this", "this is dangerous", "if someone is telling you to do this they're a scammer", and that somehow raises zero alarms, however if you tell them to consider the possibility that they're downloading a virus, or that the nice IT man on the phone is probably not that trustworthy, they will simply not believe you.
That's why I kind of get the paranoia, though most of it is just that and I really believe that software freedom is a whole lot more important.
For the masses, lack of system-level access is a benefit because they won't be able to ruin their device. For hackers and hobbyists, lack of system-level access is a hindrance because they won't be able to control their device.
Why can "normal people" be trusted with a car then? Or firearms? Or kitchen knives?
Tylenol is another example. Building materials is a third (building and fire codes are a relatively recent invention). Hell, even penicillin is by prescription only.
Letting the circumstance happen where median people can easily cause externalities through ignorance or carelessness is how we incinerated the planet and destroyed the biosphere as we know it with fossil fuel emissions, because it’s nbd (still even now in 2026, when we know about runaway polar greenhouse curves) to get in your ICE car and drive to the corner store.
When normal people had GP computers, we got botnets millions strong and DDoS in the Tbit/sec range and keyloggers on every hotel lobby computer hooked up to the boarding pass printer. Median people are way safer on the internet now than before.
If you mean Indonesia (the county closest to 3.5% of the human population) or the US (the nearest above 3.5% at 4.1%+) then you are high by an order of magnitude. Two jumbo jets are around 1000 people. US car deaths are around 100 a day and Indonesia is a little lower.
If you mean Pakistan (the next country after Indonesia at 2.9%) you are high by close to two orders of magnitude. They have around 15 deaths a day.
All other things being equal, we should try to protect people. But we shouldn't force everyone to make the choices that are best for the people with the least comprehension of what they're doing.
Of the few people using rooted phones to begin with, there's even fewer that don't know what they're doing.
Much more likely is this is a decision to get in line with the well documented and rapidly spreading surveillance laws of the past few years.
> But we shouldn't force everyone to make the choices that are best for the people with the least comprehension of what they're doing.
You are acting like it's easy to accidentally root your phone
We also limit investing in certain types of investments to so-called “accredited investors” which is just legal jargon for “millionaires”.
I don’t think the point you are trying to make about letting people own-goal is as strong as you think it is. (I would have gone with “roulette is legal”, which is a better one that the investment one, as the accredited investor rule is in all 50 states.)
If you are interested in the public good, I think it is pretty clear that we should ban roulette overnight since it has a negative expected value for everyone but the casino. On the other hand (still presuming you're interested in the public good), I think you have to consider very carefully whether it's good or bad to lock people out of investments or to restrict people's access to health care.
Much in the same way we try to limit physical addiction, which hypothetically only affects the person taking the substance, and gambling (though we're moving backwards on sports betting).
Some hypothetical social ills: 1 If it's a good source of money, it becomes more ubiquitous. This leads to entire illegal markets, which will typically lead to additional crimes, up to and including human trafficking, slavery, organ harvesting, and murder https://en.wikipedia.org/wiki/Scam_center.
2. The victims of scams will often feed shared or even stolen assets into the scam, desperately relying on an eventual return that will never come. This mirrors one of the better known social ills of gambling and addiction.
3. Even for people that never fall victim, defending against scams is tiring, irritating, and damages social fabric. An easy example is how spam cuts down on the utility of phone calls. In general, to be safe you have to be almost irrationally suspicious of anyone being surprisingly friendly, which makes non in-person connections -one of the greatest benefits of the internet - much harder and more dangerous to forge.
What do you think, is that enough reasons?
4. These kinds of "social ills" hypothetically affecting only individuals, actually spill over to affect their families, and, at scale, communities.
That being said, in most cases it still doesn't justify this level of drastic intervention. Otherwise, cigarettes and alcohol and even Lotto would've been banned out of existence by fiat.
That's why you can't have root access to the modem even though you technically own it.
You can protect against that by requiring the app to have a valid signature. You cannot guarantee that the signature is valid unless you can guarantee that the kernel has not been modified. You cannot guarantee that the kernel has not been modified if the phone has been rooted.
For what it's worth, my banking app for my Canadian bank (and the app which does second-factor authentication for web transactions when doing web-based online banking) will not run on a rooted phone. For good reason, I think.
My bank used to use SMS for second-factor authentication, but no longer does so. For good reason. When I do online banking from my desktop, I still have to use the second-factor authentication login on my phone. Or sim-less tablet, interestingly. Whatever the mechanism, is, it is not SMS based.
The irrefutable part here is that the security model works. Locking down the bootloader and enforcing TEE signatures does stop malware. But it also kills user agency. We are moving to a model where the user is considered the adversary on their own hardware. The genius of the modders in that XDA thread is undeniable, but they are fighting a war against the fundamental architecture of modern trust and the architecture is winning.
If I could get away with carrying a tiny device again instead of lugging around a brick I would, but the world has made it as inconvenient as possible not to.
A BlackBerry from 15 years ago weighed just over 100g and did 80% of what your modern-day pocket computer can.
Then they might move somewhere else with different banks and different hardware requirements, they will carry 5 phones.
I remember BlackBerry OS 4.x (?) had a built-in password manager app and this was in the mid-2000s. By comparison this was added to iOS 18 in 2024.
What it wasn't good at was things like games and toxic consumer rich media bullshit. The industry saw dollar signs with iOS and Android and never wrote apps for the ecosystem.
Remember the days when Instagram was iOS-only?
But here we are, resigned to typing on glass for the rest of our lives because some hippie burnout thought it was a good idea.
https://crackberry.com/clicks-communicator
What makes you think it'll be supported for a decade? Looking at the past models, the support period is around 5-7 years. If you count security updates that might get you to 10 years, but at the 7-9 year mark apps will eventually refuse to update because you're not on the latest ios.
https://en.wikipedia.org/wiki/IPhone#Models
for my smartphone usage, i could still use my iphone se (1° gen) perfectly fine and that would include writing some pieces with garageband; which got deprecated and non-download-able because newer versions weren't aimed to my iOS version. heck the vast majority of smartphones aren't compilling software with local hardware (nor i know why someone would do)... guess we could stop with processing power advancement of 2015 just fine to run Whataspp and Instagram. producing hardware is costly, not everyone has a decent job nor minerals are infinite and have no ecological impact
If they stopped, I think I would seriously consider swapping banks and whatever else instead of using a different OS.
The iPhone SE would be the one I use for calls, SMS, etc. It has the SIM card.
The Pixel 9a would be used for everything I don't need a data plan/SIM card (browsing etc).
My needs are a bit different from yours. I like to separate telephony and communication (i.e. WhatsApp, SMS) from everything else. This way, if I want quiet, I just turn that phone to airplane mode. I really don't want to get random pings while I'm doing "real" stuff on my phone.
Over the years, I've spent far too much time with different solutions for managing notifications, etc. Turns out simply keeping the older phone after buying a newer one was the easiest approach. No downsides so far. The old phone has the SIM card. The new one doesn't.
Also, that's only half of it. I have to move it out of "Do not disturb" at some point. Or set a timeline for it. Why should I when I just don't need to?
Also, it's been years since I used "Do not disturb". Does it show notification icons in the drawer on top? That's a definite no-no.
And with focus modes with location based triggers, you can set it to turn DND on when you get home and it automatically turns off when you leave home.
For example, do most daily transactions at one bank, and keep the rest at another.
This happens a lot in companies and government - you outsource payable operations to different division of government or a contractor. Hire one to do custody of money, another to process disbursements.
https://support.apple.com/guide/security/express-cards-with-...
I'm thinking a ring type device might be better--put a pulse oximeter into it, you unlock it with your phone, it remains unlocked only so long as it gets basically perfect data from the oximeter, locks if it fails for a second. Thus said robber can neither snatch your ring nor cut off your finger and use it. I like the metal mesh straps that can hold my device very snugly against my skin without being tight and that would be good enough, but a looser strap would not.
That's a nice idea. You could have a simple card-shaped device with no screen or buttons, and call that a "credit card".
“Be kind. Don't be snarky.”
“Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.”
Like a credit card? They've been around for some time.
Note that the payments are tied to a card/chip but you can (at the moment) buy new card no id/registration required
It was really like digital cash, the money was loaded onto a chip. So if you lost it you lost all the money. There was no pin code either, just like a real wallet. Unfortunately it was not really anonymous because the Dutch government are really into surveillance.
It didn't really last very long, it was only popular for parking machines. In those days 2G was expensive so validating transactions online was rare.
At the same time there was also the Exxon-Mobil Speedpass RFID fob, and I remember there being a huge discussion about “the battle of the keychain” and whose payment instrument would win being on your keys to be used the most alongside your loyalty cards.
Everytime I have to use a stock phone I'm appalled at the ads and I have absolutely no trust in any US or Chinese manufacturer. So I use them only for banking and digital id because that's presumably not what they actually care about.
It's not that expensive, I think many people have an old Android phone lying around, it doesn't have to be up to date.
In reality, banks couldn’t care less. They only care about checking boxes and don’t consider where these boxes come from; every unchecked box is a risk.
Did the latest sham "security audit" say that root is bad? They'll block it.
For 2 years the voice authentication worked fine (they call me, I type in a number) on my regular rooted phone. Then one random morning I just stopped getting the phone calls. "Network said no".
Complete lock out, nothing I could do except go out and panic-buy an unrooted phone not running Lineage and using a modern Android version. (I tried my older unofficial lineage phones without root, and no dice.)
I opted for a good phone I could postmarket later, but gosh did it set me back almost 1/5 of my monthly salary.
Most of my banking apps work fine on GrapheneOS, but I've adopted this because I'm confident they'll eventually break. And access to Apple Pay is nice.
Carrying two phones is annoying, but, agency over my main computing device is worth the price.
I run a proxmox server on my home Lan with all the services and storage I want, including a wireguard server. My Android phone can then connect to my home LAN services from anywhere in the world (my ISP provides static public IP addresses).
My Android device is then a simple terminal to all my "stuff". It can be locked down as much as they want it to be, as long as it can run WireGuard. I have no use for a rooted phone. In fact I want it to be as hardened as possible in case of theft.
Then you choose the flagship device you're going to use 99% of the time on the basis of how easily you can unlock the bootloader/root.
Sometimes when party tickets come online I have to be really quick to buy them for early bird price.
https://privsec.dev/posts/android/banking-applications-compa...
https://grapheneos.org/usage#banking-apps
But nope the cryptobros just turned it into another pyramid speculation scheme and the governments ruined the customer independence with their KYC stuff. Now it's just an online version of the old system where the exchanges are the new banks.
the only way to disable any transmissions is to turn off the device
I used to be under the impression that:
- Airplane Mode via Control Center icon, true.
- Cellular, WiFi, and Bluetooth off, via Settings, not true.
Meaning, if you turn those off specifically, you are not talking to towers or access points or broadcasting a persistent bluetooth ID.
Having Kagi'd a bit just now, maybe the thing that can't be turned off is NFC?
https://www.simplymac.com/ios/can-you-turn-off-nfc-iphone
If that's the case, then I'd hold this as a different threat model than not being able to turn off WiFi and Cellular.
Very curious if an iPhone or iPad with all accessible settings off, including for NFC turning off Apple Pay, NFC tag reading, etc., leaving only this background NFC on, if there are still persistent identifiers being broadcast.
Although, I am still using 17.7.2 that won't stop nagging me to upgrade to iOS 26.2.
I don't want to because I know I'll hate it.
Also found out that the profiles also expire, so you need to update those in order to skip the update nagging. Apple's lolling all the way.
Need? Unless and/or until the ability to log in and do your banking, healthcare, etc. via desktop/laptop goes away, then you don't need a phone to do any of that. Yes, 2FA may be required but in the tangential experience of myself, my partner and my two closest friends, we have multiple 2FA options available to us for our banking/healthcare apps that don't require a smartphone.
I see this point all the time - "You can't bank or do important life stuff without a phone!!!" and it's just, largely, bullshit. I don't do any "important life stuff" on my phone.
Beyond that, even if you had to have a phone to perform those tasks, I'd strongly argue that if you feel you need a second phone, then, and I know this will come off as reductive and unproductive, I think the idea of spending less time on your phone and on the internet, and more time "touching more grass" and interacting with the community and world immediately around you, might apply.
Notably, in Vietnam people use QR payments a lot. If you want to interact with them by, say, paying at a small local restaurant, you’ll need a phone (or a stack of cash, and please do prepare change).
So I don't, actually, need a phone in that instance...
Theoretically there is a third option with USB ID card reader to use certificate stored in ID card. But I never saw one used in practice. It’s a PITA to get those devices to work on anything beyond Windows. And they’re accepted in relatively few places.
Is it really? £150 on backmarket for a phone which will last 10 years doesn't feel expensive.
Makes sense to me to run any banking on a secure device anyway.
Ps no it's not rooted but it won't pass full play integrity so it will usually be treated as such.
Also, a properly configured root is not a weakness just like having a computer where you don't log in as admin unless you really need to can be just fine.
Cheers, maybe by 2027 unattested devices won't be allowed on the internet. It's not a solution. The problem didn't exist a few years ago, the idea that it will not continue to its inevitable conclusion within a few years without real solutions is laughable.
Wait until Graphene is classified as a hacking tool and Estonia convinces the EU to fine a million Euros a day any company providing services to host its website. Wait until, "in the spirit of reconciliation," the US goes along with it, too.
Wait until unattested desktops aren't allowed on the internet.
On the other hand, France has been undermining privacy for a few years now. They supported Chat Control, have attacked GrapheneOS, etc.
https://www.ftc.gov/news-events/news/press-releases/2024/12/...
I deliberately avoid all banking apps even though i didn't root my phone, but i have to use Google Pay a lot. So... That's the only reason this phone I'm typing on isn't rooted.
The Coming War on General Purpose Computation
https://boingboing.net/2011/12/27/the-coming-war-on-general-...
unrelated to phones a lot of (more professional) malware has moved to not persist itself in root space (or at all) as to not leaf traces (instead it will just rely on being able to regain root access as needed every time you reboot with all the juicy parts being in memory only (as in how often do you even roboot your phone))
I think (but am not fully sure) this also applies to phone malware.
I.e. no it doesn't work.
Not unless you
- ban usage of all old phone (which don't get security updates)
- ban usage of all cheap phones/phones with non reliable vendors
- have CHERY like protections in all phones and in general somehow magically have no reliable root privilege escalations anymore
Oh and advanced toolkits sometimes skip the root level persistence and directly go into firmware parts of all kinds.
Furthermore proper 2FA is what is supposed to make online banking secure, not make pretend 2FA where both factors are on the same device (your phone).
And even without proper 2FA, it is fully sufficient to e.g. classify rooted phones as higher risk and limit how much money can be transmitted/handled with it (the limit should ignoring ongoing long term automated repeated transactions, like rent).
There really is no reason to ban it.
I stopped using banking apps on my phones a few years ago - they got more and more annoying, and I don't buy into the "the device is secure and should be used as a trust token". So I'm now back to banking only on my computer, with a hardware token for TAN generation.
And I have no idea why, but no bank offers photoTAN devices in my country. They seem like an interesting concept, even though I imagine the underlying hardware isn't far from that of a phone, in the end.
Sparkassen: https://www.sparkassen-shop.de/home/shop/tan-generatoren,375...
Previously there were also so called "flicker TAN" approaches: https://de.wikipedia.org/wiki/Transaktionsnummer#chipTAN_com...
They don't really like you using that and keep annoying you to stop doing that, but I don't think they'll fully get rid of that - those are filling some accessibility niches as well.
I only know of a single bank using this.
If it's not Crédit Mutuel then you now know of a second bank using this method.
The old, standard RSA number generator token key ring device is not permitted in Europe for authorizing bank actions ?
The requirement is called "dynamic linking" (the 2FA code must be tied to the specific transaction) and the relevant regulation is PSD2.
Here in the US, I still get checks frequently enough that it's nice to have.
I only used them twice in my life, last one was in 2012 and I had to get a supervisor at the bank to find the procedure to get a checkbook at the time.
I do own a home but find that almost everything can be paid online now. I write just a few paper checks per year. Even my taxes I pay on the state or IRS website (with ECH, so effectively a check but without the paper).
I only have to do this rarely, and it’s always because the recipient wants to charge a “convenience fee” for having me pay with ACH or debit card or credit card. (The seller is assuming people would rather pay an extra $3 to $5 to not have to write a check or mail anything).
I'm essentially along for the ride because the masses will gobble it up.
I grew up in a world where personal computers weren't strange things (the 1980s). I remember reading Levy's "Hackers" in my teens and not comprehending how people could think personal computers were such a big deal. The talk about "technical priesthoods" and mainframes, the inaccessibility of computers to "normal people", etc, didn't mean anything to me.
Now that I'm living through the twilight of the personal computer I understand.
Money is speech, and speech builds political power. Industry lobbies have vastly more money than the minuscule number of people to whom this matters.
On top of that, the market doesn't want general purpose computers. The market wants TikTok terminals and selfie cams. The market wants "content consumption", "AI slop", and "influencers".
If there's no market for what I want it doesn't matter if it's legislated out of existence or not. Nobody will build it if nobody will buy it.
Then there's the apologists for big tech who cry "But they're not computers, they're phones!" when the fact is brought up that we're all carrying general purpose supercomputers bristling with sensors and radios in our pockets but we're not allowed to own them or use them for what we want. (Cue sob stories about clearing malware from oldsters' computers in 3... 2... 1...)
Technologists (who I'd argue should want general purpose computing in the hands of the masses) can't make any money re-architecting the OS and application metaphors and paradigms that give rise to the malware-laden cesspools of end users PCs so they just direct their efforts to working at big tech building the walled-garden prisons that we're all going to be forced into.
It's hard not to feel like I have to accept this fate.
all they really need to do is to make the Internet inaccessible from any device except the castrated thin clients that our computers are doomed to be replaced with. and that can be done trivially.
Outdated but signed ROM with tons of unfixed CVEs will be still considered totally fine.
Latets Lineage OS or Graphene OS will be rejected.
That has been the model since day one, since you are using spectrum that, because the end users are not licensed, requires it. Radios in 100% of commercially available phones are locked to prevent user tampering.
You don't get root on your debit card either, despite it running a computer.
Why, then, can users be root on PCs that have wifi cards, SDRs or cellular radios?
SDRs? Because they are not certified transmitters. They are test RF gear, or a component of a transmitter, not an end-user product.
Cellular radios in a PC? You don't get root on those. Same situation as they are in a cell phone: They are licensed-band transmitters, and they are required to be tamper proof to protect the licensee.
The original post said:
> Locking down the bootloader and enforcing TEE signatures does stop malware. But it also kills user agency. We are moving to a model where the user is considered the adversary on their own hardware. The genius of the modders in that XDA thread is undeniable, but they are fighting a war against the fundamental architecture of modern trust and the architecture is winning.
So, as I read it, Fiveplus is saying that we are moving to an architecture where the user is an adversary on the computer (the phone) as a whole. While licenses may require that specific components are out of bounds, the new thing is that the whole platform is denying the user the ability to do what they want with the parts that are not explicitly off-limits.
IIRC, a Blu-Ray drive is required to store data about revoked keys and to stop playing discs if its own key is revoked. Presumably the BR license also states that the user can't be allowed to wipe this revocation list and start playing Blu-Rays again. But BR drives can still be fitted in computers where the user has root access, just like PC cellular radios.
Phones are made to be default-deny instead of default-allow, and I think that makes it different from "enclosed modules you don't have control of".
As of November 2023, zero applications are licensed and capable of playing UHD Blu-Ray disks [0], and PC manufacturers are just not including the hardware necessary to do so.
0: https://www.cyberlink.com/support-center/faq/content?id=2834...
Even as a licensed ham it's getting increasingly difficult to even get hardware that allows utilization of frequencies I'm duly licensed to transmit on in the 2.4 GHz band. Short of building and designing your own transmitters it's become impossible to repurpose hardware like it was before. Our club has aging M2 Rockets from Unifi that were modified for this use that are now decaying and dying. It's unfortunate too because once these stop working that's it. A few club members have been championing GLiNET but same problems. They are relying on older models which weren't as locked down and already show signs of suffering the same fate as the Rockets.
Doesn't stop state approved malware in all its forms.
I have no idea about the kind of malware you're talking about.
I think we’ve been there at least since the first iPhone, and it’s now entirely normalized for the average user.
This totally beats the purpose of owning or using tech. Might as well go off grid and live a non-tech life.
Big tech wants to colonize our hardware completely because data centers alone ain't cutting it.
1$ Trillion has to be paid back to the investors plus interests. They screwed up with AI and we have to pay for it. Or maybe they didn't screw up because big money always gets bailed out by the plebs.
> The irrefutable part here is that the security model works.
Yes! And that business model should be allowed.
This leads me to worry the notion of "user agency" may be misplaced, meaning, aimed at the wrong level of the stack. It would seem both open (general compute ethos) and secure devices (appliance ethos) have a right to be in the market. So…
### Perhaps user agency should be at the experience level. ###
We couldn't plug Sega Genesis cartridges into Nintendo 64. We understand this about consoles. If we remap mobile devices into consoles, it seems less obvious their internals should be opened and tinkered with by end users.
User agency seems more at the level of picking a console family, and it's often for the whole brand aura including both the console itself and safeness-to-permissiveness dial by which the brand curates its the cartridges (spectrum from Nintendo to Apple to Sony to Microsoft and Steam). A free market for mobile devices or desktops would likely sort out a similar spectrum of just-works to fidget-able. If you choose the Nintendo 64, you wouldn't expect to run arbitrary software on it as you would expect on Dell.
We hackers are capable of figuring out how to make Nintendo 64 software; our neighbor does not need or want those affordances, they want just works, no headaches. This idea that the user must be able to open their digital watch or toaster oven and change how it is wired glosses what users actually choose: the conveniently toasted meal.
At the same time, business models around the curation and appliancification of digital tools, blurring the lines from hardware through solid state through firmware to software into a single product users can choose, must be defended.
If I want to dev for a secure product, I similarly must be OK opting into the supply chain security model (with Apple, registering as a dev in order to exchange cert material and bypass consumer paths to loading software I'm making for the platform) that allows that product to be secure, and opted into by users with money to buy my app, that caused me to want to develop for it in the first place.
Users must have a right to buy an appliance that isn't fiddle-able. Not mandated to, as this article sounds, but allowed to as the EU is trying to deny. Such products have a right to exist, and such business models have a right to exist.
And then, user agency remains as simple as use dollars to buy a product offered through a biz model that matches the user's goals, rather than regulate to disable business offerings offerings/products that don't, and developer agency is to pour energy into the platform that aligns with one's ethos.
If more money is to be made on a platform with a different ethos, perhaps it's worth reflection rather than rants.
This is lazy control.
The only solution is to force some semblance of user agency on those models, such that the vendor isn’t imposing from above.
Not that it excuses the withdrawal of user agency. But I've never used a banking app on my phone before. Anything important I still like to do on a desktop.
Though how much longer that's safe, who knows. Apple's model of requiring their permission to run code on your own device will probably spread to everything given enough time.
A lot of banks require using their banking app to get a 2FA token to log-in on a desktop web browser.
I guess you could take your laptop out at the restaurant and in the taxi to pay. It seems a little strange. You might better just use a browser on the smartphone instead of the mobile app.
Here in Europe, good luck using any form of online payment without one due to 2FA requirements.
This has always struck me as a matter of checkbox compliance rather than a commonly-exploited attack vector, though I'll grant that's partially because few people actually use such devices.
This is pretty clearly a case of "oh there's an option here that says 'allow on rooted phones', do we want to allow that?" "No that sounds scary and risky! Of course not. We must not allow it."
The option is there, and nobody is going to try to sell not ticking it.
When finding help on how to do this, people were saying it's useless cause they can proxy/VPN anyway, but obviously that has some cost to them because they weren't doing that. So seeing how I had no legitimate traffic from there, it was an easy choice and cut out like 99% of abuse.
I’ve also had other banks do the same. They provided me with a debit card that supports international transactions but they did not allow logging in from most Asian countries. So I would log in from Asia, be blocked, turn on my VPN and log in from the U.S. to check the balance on my card.
Separately, I couldn't even log onto their system this week from my desktop browser because of some bug. (Accessing from the US). It didn't recognize my username or password, let me change my password, then said it didn't recognize the new password.
The Vietnamese government has reported a rise in account takeovers and other banking thefts [2]. SIM-swapping has been a tactic used. Adding difficulty for fraudsters to trick unsophisticated banking customers is a valid security layer.
1. https://vietnamnet.vn/en/biometric-deadline-nears-millions-o...
2. https://evrimagaci.org/gpt/vietnam-faces-surge-in-sophistica... (expands upon https://vneconomy-vn/techconnect/mobile-banking-phat-trien-manh-tai-viet-nam.htm)
You fight SIM-swapping by outlawing the moronic practice of using SMS for anything security sensitive. Not by blocking user modified OSes.
So that would be a dumb thing for a Vietnamese bank to use as a recovery method.
[0] - https://vneid.gov.vn/
[1] - https://tuoitre.vn/thieu-tuong-nguyen-ngoc-cuong-nang-cap-vn...
Of course they slathered the app with tracking, 'security', and analytics SDKs, so rooted devices are rejected. I had no way to log into this bank account after they made that change, which is simply wonderful.
Anyways, they're not yet at the point where they've learned to do the checks server-side. For now it's a one line patch to skip the root screen. But the Play Integrity API is designed correctly, if they learn to use it, there will be no workaround without someone finding a hardware vulnerability somewhere.
Some of that liability is fair but most of it is the government telling the banks to account for the loss when someone is scammed. They are obviously going to mitigate that as much as they can.
Go back fifteen years and malware is absolutely submitting bank transactions after the user does a 2FA.
https://krebsonsecurity.com/2010/03/crooks-crank-up-volume-o...
They're upping the surveillance, not the security, quite demonstrably.
This is meant to protect /them/ from liability and not /you/ from loss.
This is why LineageOS is actually dead in the water, even though they're "in talks with hardware vendors". It doesn't matter when people can't use the apps and services they need.
https://en.wikipedia.org/wiki/Web_compatibility_issues_in_So...
Offering a monetary reward for installing apps seems fairly common. Chevron had someone at my gas station offering something like $5 of free gas, plus $1 a gallon off of the next three purchases. If it was something the customers wanted, they wouldn't need to pay people to do it.
We're dragged into this kicking and screaming and yet normies think we're the crazy ones.
I chose my current bank because it was one of the few that had proper token based access for 3rd party integration. An overwhelming majority of banks were relying on a 3rd party holding your actual username/password and saying "trust me bro". I wasn't comfortable with that.
> Many tech jobs in the US will move to Vietnam in the coming few years.
It would seem to me that India has that on lock.
In the future, everything will need an 'app'.
Most people would find this viewpoint to be strange.
No no no shut up, don’t speak up. No one thinks like you.
They'll find a solution to their problem, which is you: apologize for losing you as a customer, and express a hope that you'll consider them again after you've bought a phone.
https://www.digitaltrends.com/phones/venmo-shutters-web-plat...
Most banks charge a fee for sending a wire. Sending an ACH is free, but most restrict that to your own account. Revolut is the only one I've seen that lets you just spam ACH to anyone. In both cases, it isn't instant.
Zelle largely fixes those issues, but has its own issues, like a lot of banks not supporting it and/or arbitrarily low send limits.
1. Your employer pays your salary by bank transfer, which requires you to have a conventional bank account.
2. You then want to spend that money, how do you do that?
Debit card? You need the phone app to retrieve the PIN when the bank first sends you the card.
Cash withdrawals in the branch? For amounts less than €10,000, the staff will direct you to the ATMs in the branch. These require an activated debit card to withdraw money, and activating that card requires the phone app.
Manual money transfers in the branch? Once again, for amounts less than €10,000, the staff won't do it - they'll instead direct you to the PCs in the branch. These are just loading the same website you can access on yours, which will ask you to the confirm with a 2FA push notification to log in.
Try another bank? The legacy banks all got the same auditor who advised them that app based 2FA is the easiest way to implement PSD2, and reduce the likelihood they get held liable when customers get scammed, so they all implemented that as the only option. The neobanks of course, are accessed solely by apps.
I've heard 3rd hand of some banks already doing this in i.e. Armenia where a foreigner can come in and open account easily but they block any online access to lock the control of funds in country to make it harder for the FATF psychopaths to find fodder to clamp down on them.
I have had a lot of banks and credit cards, mobile payment apps like Venmo/PayPal in the US and they almost all work on mobile web and desktops.
But I recognize that wealthy western countries didn’t really skip the personal computer like many mobile-first regions have done.
It’s not like the UK sent out a mandate to private banks or any other private industry on this issue. It’s also only one small country of hundreds.
I’d have to question this idea that this is how things “already look.” I can think of very few businesses that I interact with that force me to use an app.
I believe that previously internet banking, even before mobile banking, will limit the number of transfer recipients you can add per day/month. With the rise of QR payment I could see this limit being regularly hit if you scrape the web-based banking.
Since the Bank of Thailand claims that they technically don't block many things (mobile banking technical requirements seems to also require blocking root, but they never banned internet banking), I wish there's a new bank that try to disrupt the existing players. But the latest "branchless" banking license were only acquired by existing banking groups, so API-first personal banking remain impossible.
The banks that allow you to do everything on their website trend towards legacy and US-centric.
From they you can keylog. Highjack input listeners, basically do anything you want.
There's not even that many people using rooted phones, and many are tech savvy people that are generally a bit more careful, so even if a rooted phone gets infected by some malware chances are the malware won't even be written in such a way to try to obtain root permissions through the standard procedure and exploit it.
on the other hand phone does not require you to verify with your pc, so there's no second factor unless there is some unacessible secure island within the phone itself.
funny enough, you can probably use that website directly on the phone that you use as 2F, which probably circumvents the 2F idea (at least as long as you use SMS 2F instead of app that checks for root)
Users are losing billions worldwide due to fraudulent apps. If a user has root and runs a malicious app, it can intercept what a legitimate banking app does. A scam app with root can draw over the screen and tell users to transfer money, or it can run a series of actions when the banking app is running, or do any of a hundred things to steal money.
Sure. But the people who are actually rooting their phones are advanced users and aren't going to install a malicious custom OS. Are naive users getting tricked into rooting their own phones? I'm dubious what the security benefit is of this decision.
There are two ways to root a phone:
1. Unlock the bootloader, install a well designed and highly secure aftermarket OS, relock the bootloader. The device is still just as secure against malware as it was before. Remote attestation shows the vendor that you're running Graphene or Lineage or whatever.
2. Exploit a local vulnerability to drop a sudo binary somewhere. RA shows you're running an exploitable version of Pixel Android, etc.
(2) is absolutely exploitable by fraudsters. They convince the user to run an app or visit a website that exploits their browser or whatever, and the vulns are used to escalate to root and keep it. Now when the user logs into their banking app the HTTP requests are rewritten to command the bank to send money to the adversary. This is why devices that allow escalation to root are excluded via remote attestation.
(1) isn't but it requires more coordination than the industry has proven capable of so far. Binary images of a custom OS could in theory be whitelisted by banks if it was known to be as secure as other operating systems. But there's no forum in which that information can be exchanged. Like, RandOS turns up and the maintainer "xyzkid", identity: anime avatar, claims his OS is super secure. How does random overworked bank developer John Smith know if this is true or not? RandOS doesn't come with any audits, it doesn't have a well paid security team. The brand is a big question mark. And if John makes the wrong call, maybe the bank is now on the hook for millions in losses because someone installed RandOS to get the shiny icon theme or whatever, and then got hacked.
So it's a hard problem. It's not actually a technical problem. Remote attestation is very general. The hard part isn't the tech. It's a social problem. How do you create and rapidly communicate trust in a new binary OS image if you don't have the security resources of an Apple or a Google or a Samsung? Google runs a whole accreditation programme for Android where you can turn up as a phone OEM and get your custom OS builds considered to be secure by passing a huge test suite. So the only issue is OS hackers who fall below the threshold where they can do that.
There's an alternative of course: go full libertarian. Means, just use a "bank" that doesn't care if its users get hacked. This is what the Bitcoin community enabled. It's there if you want it.
Well it’s more the Dunning Krugerites who see the word “rooting” written by someone in a cyber context, lack that context entirely, and proceed to enter the discussion anyway based on their experience rooting their Android phone 3 years ago after clicking through a few UI buttons.
On android, I believe this can be done rootless via accessibility permissions that can display on top of apps
While they (mostly) have websites, a computer with root access is not sufficient by itself to access them. You also need to perform 2FA via push notification to a proprietary app on an Apple or Google approved device.
Surely most people running a rooted phone are tech enthusiasts. Cybercriminals will just use regular phones bought under false names and dispose of them afterwards.
In other words, the correlation is that older people are more likely to have a rooted phone and are more susceptible to fraud.
Dunno how widespread this is, just something to keep in mind.
Users that try to use mobile apps as if they were web apps, disabling location, and security features are just flagged by numerous security mechanisms.
Dug it up. Alfred Whitehead:
It is a profoundly erroneous truism, repeated by all copy books and by eminent people when they are making speeches, that we should cultivate the habit of thinking of what we are doing. The precise opposite is the case. Civilization advances by extending the number of important operations which we can perform without thinking about them.
and that's enormous power for those who want to centralize power into their hands.
Viet Nam is in the process of rolling out mandatory biometric identification and verification as part of the VNeID project [0], and mobile operators are in the process of rolling out identity stamping if mobile devices using VNeID [1]
Viet Nam is also an authoritarian state who's current leader (To Lam) spent his entire career in Viet Nam's KGB (MPS/BCA). Unlike Westerners, Vietnamese know the red lines - this is why I and my SO (much to her chagrin due to my insistence) never travel back to VN with my personal accounts or devices, and why we keep some friends of friends on speed dial.
[0] - https://vneid.gov.vn/
[1] - https://vtv.vn/nha-mang-ho-tro-kich-hoat-sim-truc-tuyen-bang...
Vietnamese government will not arrest a tourist foreigner for talking bad about the party or about Ho Chi Minh, it would decimate their tourist bottom line. If you don't deal with drugs or actively don't organise against the party, you will be fine.
There is a growing surveillance (which you cited well) but mostly for locals.
edit: oh I misread, you are Viet Kieu, not a western tourist. OK yeah that makes some sense.
> if someone is technical enough to root his phone he understands the risks
You're looking at this from the user's perspective. Indeed, the narrative is "for your safety, you cannot export your security tokens from your device's storage" or "software that runs as root can bypass all permissions, an attacker might exploit that!", as though users can't make that choice themselves on purchased-to-own hardware. Dropping privileges (https://en.wikipedia.org/wiki/Privilege_separation) has been a thing since as long as I'm alive. Don't be fooled that this "protection" is for you :(
I'm not saying its impossible but it is hard to do at present in a way where if I came and picked up my phone again, I'd not know something happened to it.
My guess is:
1. Person with rooted phone uses a bank app, is hacked, has their money stolen.
2. Guess where the person turns to for help? The government.
I wonder if this has become a feasible avenue for scammers to interfere via other apps they could convince someone to install on rooted phones. Or if they are worried about skilled people being able to debug/MITM and find vulnerabilities on the banks.
Though from that statement alone, sounds more of a measure to protect banks than customers.
banking is very risk averse area. and it is good precaution.
But you do understand. If someone is technical enough to root their phone, then he is the risk.
[cough]Monero[cough]
Kinda like the Wall Street concepts of "Accredited" and "Sophisticated" investors - who could never possibly fall for a Ponzi scammer like https://en.wikipedia.org/wiki/Bernie_Madoff ?
Not to say I'm a fan of Vietnam, or familiar with their ban - but when people are having their money stolen at scale, there's a very strong tendency to blame the gov't and/or financial system. And it's extremely rare for stolen-at-scale funds to not be "reinvested" in further criminal activities - which again, the gov't is expected to deal with.
Whereas previously the app displays a 'whitelisted' set of UI options to the user, the rooted user could use employee only methods. Somewhere or other every bank has methods that set balances on accounts.
To be honest a law like this makes security by the extremely modest obscurity of not having an "increase your balance" button on the app UI much more tempting.
Exposing these types of APIs in any way outside the bank ever would be gross negligence.
1. Incompetence. The same reason why many banks al around the world do this without regulations. Some snake oil salesman sold them a security theater SDK or library that blocks user installed or modified OSes.
2. Government control and surveillance. Vietnam is authoritarian. It only makes sense for them to participate in the global war against general purpose computing to gain complete control over their citizens' devices allowing them to restrict software, displayed content and communication to require government approval and enable total surveillance of all activity without any way to bypass this. Instead of outlawing user controlled general purpose computing directly they do it through the backdoor of pretending that it is for people's own safety.
All public key boxes are banned and Google regularly bans new ones . That endpoint contains the list of revoked keyboxes : https://android.googleapis.com/attestation/status
You realize in Viet Nam this means getting a "friendly" visit by the MPS/BCA, and if you continue eventually getting branded as a troublemaker.
Hence my qualifier. I'm not trying to incite anyone into personal danger.
But you are providing an alibi for malicious users who, for example, might try to brute force logins from unidentified devices.
That would be one reason aside from the law. You are essentially positioning yourself on the same side as intruders.
You should personally immediately return any computing device where you have control, this line of reasoning is insane
I am probably missing something obvious(some sort of tpm key attestation) but it feels like it would be impossible task. I mean, theoretically higher layers can check that lower layers have the correct signed checksums, but they need to use the lower layer to do it and the lower layer could just lie to them. (if isSystemFile(f_name) then return originalFile(f_name); or provide a virtual tpm).
On one hand, people that jump through the crazy hoops phone manufacthrers put up to get root are either technically-proficient or willing to become so and are, usually, responsible enough to keep their devices locked down and secure.
On the other hand, banks are subjected to literally all of the regulations, and breaking any of them usually incurs unbelieveable fines. Given that phones are the default computing device for most people these days and how (relatively) easily secrets can be extracted from rooted devices, blanket-banning them makes a lot of sense.
Nonetheless, modern Android is just as locked down as modern iOS, with a few exceptions (like adb access) and without the awesome hardware and software optimizations for that hardware that make video recording fast and web browsing even faster. Between this and nobody having a real answer to Apple Watch, I'll be an iOS stan for the foreseeable future.
It's not just root that they block.
It's ridiculous.
The Vietnam government has banned phones under their user's control from using any banking app.
To give a specific example, suppose a banking app wants to require location services in order to try to login. Some users can bypass or spoof this, (in fact that's what the thread is about entirely, and for that they root the phones.
Not all users who root the phones violate ToS, but it's a majority, or even a possibility, so they choose to disallow such usage.
Pretty sensible stuff to me.
where exactly do you work with this agenda and reasoning? thats insane? banks have been more or less made mandatory by the regimes around the world, and now these things. How can anyone possibly consider it sensible?
What is it? I can access their websites on a PC running as root or Administrator. What is the problem with rooted Android phones?
If someone steals the secrets from a rooted phone and steals customer's money the bank is on the hook, so banks do everything they can to minimize this risk.
There is no way to store customer's secrets in a PC browser securely, so all the "dangerous" transactions were outright prohibited in the web app or made available only via temporary QR login.
All this is just is a negative side effect of customer protection laws.
Now that's just not true now, is it? Sure the lawyers told you that (the ones that get paid to tell you that), but nowhere in EU was a bank actually fined for not root checking a device.
They were plenty fined by being utterly incompetent with security practices and doing them poorly - like trying to inject wierd .SOs to do the root detection you're defending.
"Payment service providers (PSPs) operating in the EU will have to cover customers’ losses from fraud if their fraud protection regimes are inadequate or poorly implemented under new EU rules."
Other places like the UK had such rules already.
In some jurisdictions if bank can prove that transaction was made with customer's key then customer can not demand their money back. That's the best case, but there are only few of such jurisdictions and even there the burden of proof is on the bank and it costs a lot.
In other jurisdictions bank must reverse a transaction even if it was proven that the transaction was signed with a legitimate key, but the key _may_ have been stolen.
In some jurisdictions (i.e U.S.) banks are required to reverse a transaction at a customer’s request, even if the customer does not dispute having made the transaction.
In any case dealing with all this is too expensive and risky.
Do peope get defrauded using online banking? Sure. But usually not in a way that would be stopped by secure attestation.
For the past 20 or so years, every bank I've been with in Belgium has provided me with one of three types of hardware token:
1. An OTP token that's just a screen that displays a new 6 digit token every couple of seconds (haven't seen one of these in a few years now). This was used to supplement username/password on login and to verify every bank transfer.
2. A token with a screen and a display, which generates OTPs based on input. E.g. for a payment the bank would tell me to enter the amount + the last N digits of the bank account, the token then generates an OTP, which I can use to confirm the payment. That's what 2 of my 3 banks currently use. They have separate modes for logging in, for signing bank transfers, for signing 3D Secure online payments, etc.
3. A card reader where where I just slot in my card. I can then log in or sign payments using the card's chip & pin. This is what my third bank uses. There are a couple of variants on this, such as models which connect with USB and models which can read QR codes from your screen so you don't have to tap in anything except for your PIN.
That's the reason I mostly use online banking on the web, not on a device.
If it ever comes to that in my country I can also use my previous, unrooted backup phone to host these apps and keep it at home.
I'm not at all thrilled of the idea of carrying your credentials to your bank account on your phone, accessible via a 4-digit PIN out there in the world in the first place. For some reason, banks think it's great.
Could we have the same level of security - or very close to it - from requiring a secure enclave like a vm running on the device for banking apps with hardware passthrough, or would there be no way for that vm to verify it has actual hardware passthrough and that it's not being tampered with?
That way you would just get the entire vm with the app from the Play Store or Apple, and nobody needs to worry about root?
Not deep into rooting scene but seems plausible to me that this has some merit if you squint at it from the right angle
Trusted agents are useful. And I'm using legal meanings, not technical meanings here - so a "trusted agent" is someone or something that is legally acting on your behalf, to perform actions as though you were performing them.
The whole fucking promise of "general purpose computing" is that citizens should be able to delegate repetitive and tedious tasks to a computer. And they should have the full freedom to pick both which tasks are delegated, as well as which agent (program) is performing them.
Instead - what we're seeing is that companies are closing off as many avenues of automation for the average citizen as possible, under the guise of security.
The problem is that selecting a neutral (trusted!) agent is really, REALLY important, and companies are absolutely not neutral. They don't want the best results for "average Joe customer", they want the best results for themselves: the company.
They will make decisions that are contrary to your best interests all the time. They have exactly zero fiduciary duty to you, and boy do they know it.
In a decent world - in a decent CAPITALIST SOCIETY (which we can already debate the decency of in the first place) you allow space in the market for modification. Ex - don't like your desk? Change it. Don't like your car radio? Change it. Don't like that tool handle? Change it. Pick a different one, even one from a totally different company. Replace it.
This allows new ideas, new growth, and prevents stagnation.
In the digital world... there are a few companies that are trying as hard as possible to prevent you from being able to change anything.
---
Want a new browser? Fuck you.
Want a different UI for your banking needs? Fuck you.
Want to watch something without the ads? Fuck you.
Want to watch something with the ads, but in a less miserable ui? Fuck you too.
Want to automate something? Fuck you.
Want to export your data? Fuck you.
Want to sell software without us taking our rent money? Fuck you.
Want to shop in a different store? Fuck you.
Can't be letting our users make decisions that might cost us money.
---
So we're seeing an absolutely insane number of "digital locks" being employed not to protect users. No - instead they're getting deployed to protect revenue at the expense of users.
The only possible outcome is that service quality degrades to the point where you literally are better off without. Because that's what happens to incentives when you let companies operate in this manner.
If the consumer has no choice - the market has no power, and what little value there is in capitalism goes right into the trash bin.
So sure - if you squint, this maybe prevents someone from making a bad decision on which agent they trust.
But the problem is that now they HAVE to trust an agent they know is going to make bad decisions for them. Hope you like the biggest ad company in the world owning you digitally... Serfdom here we come.
...but I don't think that's the lens legislators look through here. I think it's more like "Last week and upset constituent lost all their savings". This politician cares more about protecting gullible constituent than a hypothetical stallman-esque freedom argument.
Not saying I agree, but rather that I can see why a politician might land on that conclusion
Ie: the much larger percent of users affected by this news would already be more technically savvy and one would assume be less susceptible to known scams.
To your parent point though, sideloading apps per se OTOH is something most Android installs can do without rooting or a replacement OS. Google is already rolling out developer verification requirements for sideloaded apps on GMS Android installs (most devices) to mitigate impact of malicious apps, so there is already action being taken for regular users.
One could imagine other reasons Vietnam may want to dissuade more tech savvy users from running AOSP-based installs (such as GrapheneOS, which is known to be robust against Cellebrite) and using banking is a decent place to start.
> malicious actors just compromise the firmware instead
surprised pikachu face
Apple is already a walled garden, granting you only access to your hardware and they see fit. Google desperately wants to follow suit by enforcing developer registration (which is just the first step). And now this. This is will happen in the EU and US as well.
And always in the name of security, safety, or "will nobody think of the children?!"
My hardware, my choice, period.
You can choose to not use the app.
The bank has a choice on how customers interact with it.
The government, regulating banks, and often acting as insurance for lost money, has a choice on setting required security standards.
Balancing all these is difficult.
2. Vietnam has been in the process of rolling out national biometric identification for years now as part of the VNeID [0] project, and unifying that with banking and mobile phone identification is an important part of that such as with the recent FPT Telecom announcement [1]. The aim is to turn VNeID into a super-app by 2030 [2], and from what I've seen in rural areas of the Central Highlands, it's on track.
[0] - https://vneid.gov.vn/
[1] - https://tuoitre.vn/vneid-mo-rong-dich-vu-so-dang-ky-internet...
[2] - https://tuoitre.vn/thieu-tuong-nguyen-ngoc-cuong-nang-cap-vn...
I'm not against having a separate secure phone to use with banking apps, but that phone must be designed for security, not for Google's ad driven business model..
I wish we didn't have to choose between Google and Apple, especially here in Europe where we can be sactioned by the US for doing our job..
The bank's app can then ask the OS to sign documents using the TPM's secret keys, and the OS forwards such requests to the TPM. The TPM refuses such requests from modified OS but obliges requests from an unmodified OS. The bank's servers refuse to accept documents not signed by the TPM.
Root can't pretend to be a TPM and make up some secret keys to sign documents with because the TPM's signature is itself signed by Google, so the bank can tell the difference between root's signature and a treacherous signature.
I also prefer to own my device and be root on it, while installing all the "pretend I'm non-rooted" functionality on it, I did think "this is basically installing a rootkit to tell the OS 'yes, I'm clean!'.". Then my bank (fuck them very much) decided to add a check for a locked bootloader and refused to work without it. I suppose maybe there's a way for the "rootkit" to lie and say "Yes the bootloader is locked!"?
I didn't read all the comments, but it seems to have been lost that it's a fight between freedom (allowing people to "own" their devices) and protecting the general public from harm (being scammed and losing all their money). We also have to give up some freedoms, eg. we are forced to wear helmets or seatbelts as participants of traffic, to ensure a better protection.
All other business, including personal communications, conducted on a GrapheneOS device. These days you don't even need a phone number for your everyday device, a data-only roaming plan like silent.link is enough. This is not yet necessary in the U.S., but we are dangerously close.
I utterly detest the idea of having to use a phone for anything that I'd like to be secure. I browse Reddig on that thing. I watch porn on that thing, I don't want my porn anywhere near my bank account.
That sounds like a utopia we've passed by on our way here. Maybe it's possible to make such a dedicated hardware device when the digital wallet becomes available for a (mobile) linux distribution or a degoogled android. Let's see when the phone manufacturers think that's a good idea to lobby for
I'm cynical about the whole digital wallet idea because of this. Not that it's not useful, but it's tying your mobile surveillance unit and browser history to an identity on hardware that you are not meant to control
The other more compelling reason why people would have a rooted phone is to run ROMs that may still be providing OS support where the stock OS has been abandoned or EOL'd by the developer.
Having an unlocked bootloader at the minimum would be required in those scenarios. It actually saves hardware that still works from ending up in landfills.
edit: spelling
(The first time I walked past a homeless person using a VR headset, on the other hand, was a fucking trip.)
Incidentally, if anyone wants some collector's edition Google/Android devices...
Please get in touch with the postmarketOS folks, since any phone old enough to be running CyanogenMod proper is most likely not supported there yet. (It would be super nice to even have a proper list of all devices where old CyanogenMod was officially supported at some point, with device specs for each. We're lacking even that at present because the transition from the CyanogenMod name to LineageOS was so messy.)
Of course, the combination of extremely limited hardware specs (512MB RAM + 512MB built-in storage was a common spec), old ARM32 SoCs and the ongoing 3G/2G mobile network phaseout means that many such devices will only really be useful as glorified palmtops or for even more minimal uses. But it might be worth experimenting with nonetheless.
https://privsec.dev/posts/android/banking-applications-compa...
https://grapheneos.org/usage#banking-apps
Anyway it's not like they're the UK and have age ID's for their internet lol
They need to go further to outlaw hide root apps, and then install special app to track the status of the phone to make sure it is not rooted. Then allow police to randomly check the presence of this app on people phones. Every phone needs to be registered and pass hardware inspection every year. Even better, make so called offices where people can come and deposit or transfer money, it will be super safe.
If you mandated that they have to support Yubikey or whatever on open platforms I'd take that as a decent alternative. But just "no you must use a device controlled by somebody else" is not acceptable.
The National Credit Union Federation of Korea (NACUFOK) represents over 800 member-owned unions (https://www.cu.co.kr/english/main.do), and then there is the even larger Saemaul Geumgo (MG) network which operates as community credit cooperatives with millions of members. These people ostensibly own their "bank" accounts.