For the past 15 years1, F-Droid has provided a safe and securehaven for Android users around the world to find and install free and opensource apps. When con...
Disclaimer: I have been a maintainer for LineageOS and a long time user.
Whoever advocates for LineageOS don’t get it. Using LineageOS will not fix any issue like this.
Already today using LineageOS means give up on banking apps, ID apps, and even McDonald’s and some games like Pokemon.
Yeah because Google with play intergrity now demands valid keys that gets invalidated as soon Google detect they are used for such usage. The cat and mouse game suddenly got much harder to beat.
So no, using LineageOS will soon be possible only with secondary devices and not your primary that you will need for your actual stuff to work.
I (for the moment) use stock android without a google account without any issues.
Then again i don’t use banking apps on a smartphone.
My gov provides ID apps and they work fine - then again, GPS is installed of course.
Fuck McDonnalds.
I’ll have to check app support on Linage or PostMarketOS in the near future.
I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.
That’s crazy. Yeah in the rest of the world you can’t do shit on a bank website, it’s mostly just view only, and the rest is via the app. If it lets you do anything at all, it’ll require 2FA via the app.
You can transfer money from a savings account with one bank to another account with another bank just via tapping said bank account icon in the app, like you don’t even need the BIC/IBAN/AccNo/Name or any details, it knows where to go just because you have the app of the other bank, all you do is tap the icon.
I’m not even sure you can withdraw the money from the savings account without having the app of the target bank installed on the phone, signed into the target account.
Same way you can add a card to Google Pay by just tapping a button in the bank app, no details or anything required.
Frankly I don’t even know where any one of my bank cards are, I remember for a good while I had a credit card that I didn’t actually have physically because when you open the credit card account (which requires extra checks compared to what is default - debit cards) they don’t bother to ship the physical thing to you unless you explicitly ask for it (via an option in the app), since most people just use it only via Google Pay because everywhere is cashless and uses only NFC.
I didn’t realize at first but it meant that my “card” didn’t even have a PIN, because there was no way to physically have it, any large transactions are authorized in the app, everything else, including IRL is implicitly authorized by me unlocking my phone with my fingerprint, which is required to make NFC payments on Android. I think with Apple phones it’s required to open the app but for me since 2018 it’s been muscle memory to tap the fingerprint reader and slap the phone on the NFC reader on anything from the tube to the dodgy corner shop.
To get the actual card details it’s a relatively hidden submenu in the app, to add to Google pay is a giant button on the card icon in the app.
Convenient as hell but the sheer amount of privacy violations involved and info that must be gathered about the phone to do this in a compliant fashion makes me shudder.
I’ve been using a dedicated TAN generator for banking since I first made my account but I don’t doubt that’s going away at some point, since debit cards from the same bank already require an app for 3-D secure.
No, hardware TAN generator work fine. If the bank wants to force me to use proprietary snake oil it’s time for a new bank. Or using a dedicated old smartphone just for the app.
Banks use their app to generate the otp and they reinvented the wheel so if you want to login you need to install it, can’t use a generic authenticator. I am not aware of any single bank in the EU that allows the use of generic authenticators.
For McDonald’s, using the app gives at least 50% off. A menu in the app costs 5 euro while on the store kiosk costs 12 euro. I do not personally care because I find their food to be just barely edible, but I understand why there’s a need to install the app
My bank had a device that was basically a simple android phone running the 2fa app. The phone app got updated through new versions and eventually got the drm treatment, but the old app keeps working because it is still running on those dedicated 2fa “devices”.
Naturally the bank is now trying their best to make people deregister the old “devices” and switch to only the “app”.
The old app has no internet permissions. It reads qr from the camera and shows verification as a 6 digit code.
The new app has internet permissions and is integrated with other apps so you can conveniently accept the request of your banking app in the 2fa app (on the same phone) with a single tap via an overlay. 2fa.
I remember when internet banking meant installing some shitty “security” software on Windows before it would let you access the proper page on your browser.
Seriously? Open computing is dead to you because you can’t order fast food or play games? I don’t even have Google Play on this GOS device.
And, by the way, my banking app works fine on LineageOS. Not that I need it, since I use a hardware TAN generator.
Disclaimer: I have been a maintainer for LineageOS and a long time user.
Whoever advocates for LineageOS don’t get it. Using LineageOS will not fix any issue like this.
Already today using LineageOS means give up on banking apps, ID apps, and even McDonald’s and some games like Pokemon.
Yeah because Google with play intergrity now demands valid keys that gets invalidated as soon Google detect they are used for such usage. The cat and mouse game suddenly got much harder to beat.
So no, using LineageOS will soon be possible only with secondary devices and not your primary that you will need for your actual stuff to work.
Would you recommend a B-2 Spirit solution or not yet?
I’ve never had an issue with the three banking apps I tried on LineageOS, and I didn’t even know there was a McDonald’s app or pokemon games.
If this list for /e/os roughly applies to LineageOS (with microG), I wouldn’t call it “only for secondary devices”, more “won’t work for some people”
Did I miss something? AFAIK google is requiring devs to ID, not to use SafetyNet or whatever the “only-runs-on-certified-phones” thing is called
I (for the moment) use stock android without a google account without any issues.
Then again i don’t use banking apps on a smartphone.
My gov provides ID apps and they work fine - then again, GPS is installed of course.
Fuck McDonnalds.
I’ll have to check app support on Linage or PostMarketOS in the near future.
Counterpoint: I use the McDonald’s app where it belongs - on a giant greasy ordering kiosk.
But seriously, banks have websites. Everyone and everything has a website.
I don’t need Android apps at the cost of my privacy or at the cost of control of my devices.
I use GrapheneOS as my only phone, and I have done so for years.
Whatever the topic, I don’t need an app for that.
I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.
In America, we’re lucky if our bank supports 2fa, let alone require an app for it
That’s insane, I have never heard of such a thing, but I’m in the US where most banks don’t even have non-sms second factor.
That’s crazy. Yeah in the rest of the world you can’t do shit on a bank website, it’s mostly just view only, and the rest is via the app. If it lets you do anything at all, it’ll require 2FA via the app.
You can transfer money from a savings account with one bank to another account with another bank just via tapping said bank account icon in the app, like you don’t even need the BIC/IBAN/AccNo/Name or any details, it knows where to go just because you have the app of the other bank, all you do is tap the icon.
I’m not even sure you can withdraw the money from the savings account without having the app of the target bank installed on the phone, signed into the target account.
Same way you can add a card to Google Pay by just tapping a button in the bank app, no details or anything required.
Frankly I don’t even know where any one of my bank cards are, I remember for a good while I had a credit card that I didn’t actually have physically because when you open the credit card account (which requires extra checks compared to what is default - debit cards) they don’t bother to ship the physical thing to you unless you explicitly ask for it (via an option in the app), since most people just use it only via Google Pay because everywhere is cashless and uses only NFC.
I didn’t realize at first but it meant that my “card” didn’t even have a PIN, because there was no way to physically have it, any large transactions are authorized in the app, everything else, including IRL is implicitly authorized by me unlocking my phone with my fingerprint, which is required to make NFC payments on Android. I think with Apple phones it’s required to open the app but for me since 2018 it’s been muscle memory to tap the fingerprint reader and slap the phone on the NFC reader on anything from the tube to the dodgy corner shop.
To get the actual card details it’s a relatively hidden submenu in the app, to add to Google pay is a giant button on the card icon in the app.
Convenient as hell but the sheer amount of privacy violations involved and info that must be gathered about the phone to do this in a compliant fashion makes me shudder.
Not so convenient when one loses their phone or service. Then get locked put of everything.
I’ve been using a dedicated TAN generator for banking since I first made my account but I don’t doubt that’s going away at some point, since debit cards from the same bank already require an app for 3-D secure.
No, hardware TAN generator work fine. If the bank wants to force me to use proprietary snake oil it’s time for a new bank. Or using a dedicated old smartphone just for the app.
Counter-counterpoint:
Banks use their app to generate the otp and they reinvented the wheel so if you want to login you need to install it, can’t use a generic authenticator. I am not aware of any single bank in the EU that allows the use of generic authenticators.
For McDonald’s, using the app gives at least 50% off. A menu in the app costs 5 euro while on the store kiosk costs 12 euro. I do not personally care because I find their food to be just barely edible, but I understand why there’s a need to install the app
Some people have no smartphone at all. How can they be customers at your bank?
Pay a fee of 0.30€ to receive the otp via SMS every time they want to login without the proprietary otp app and 0.30€ for each payment to authorize
Fucking hell, y’all make me realize how lucky I am with my bank that runs without gapps.
My bank had a device that was basically a simple android phone running the 2fa app. The phone app got updated through new versions and eventually got the drm treatment, but the old app keeps working because it is still running on those dedicated 2fa “devices”.
Naturally the bank is now trying their best to make people deregister the old “devices” and switch to only the “app”.
The old app has no internet permissions. It reads qr from the camera and shows verification as a 6 digit code.
The new app has internet permissions and is integrated with other apps so you can conveniently accept the request of your banking app in the 2fa app (on the same phone) with a single tap via an overlay. 2fa.
Wow, I admit that’s reaally bad 😅
Also the norm tho, afaik
They physically go there in person.
That’s still a thing.
Damn… The two extremes of the cyberpunk dystopia: no tech at all vs tech slavery.
I assume this is the same with GrapheneOS?
My bank app works without issue inside a private space with sandboxed Play services on my main user profile.
I also have an investment app which runs without any issue whatsoever.
Maybe I’m lucky and these Canadian companies just aren’t dicks about mandating google.
As far as I’m aware, as of now, graphene does not meet googles attestation (Uncertified Device), because google says so, but is easily more secure.
Google’s lockdown has zero to do with security.
I remember when internet banking meant installing some shitty “security” software on Windows before it would let you access the proper page on your browser.
Seriously? Open computing is dead to you because you can’t order fast food or play games? I don’t even have Google Play on this GOS device. And, by the way, my banking app works fine on LineageOS. Not that I need it, since I use a hardware TAN generator.