Banking apps seem to be a motif among things that don't play well with privacy ROMs. My bank's website does everything I could want out of it. I think I might be ignorant to something.
- What about banking apps is especially compelling?
- How often do banks put must-have features behind an app?
- And should I be concerned that banks might move away from offering services through browsers?
My bank's app has way less functionality than the web version, but it's used as a second factor to auth some operations, so I have to use both.
It's a must for me. My phone is my primary day-to-day computer, so I need to be able to so everything from that. Unfortunately that is also why I'm not using graphene OS, because our government 2FA system doesn't work in graphene OS (even with play services installed) so it's impossible to do anything. I can't check anything WRT banking, schools, taxes, daycare, doctors appointments, hospital record or change anything that requires the involvement of city hall, including checking digital mail from the municipality or government. It's basically not possible to function in our society without it.
Out of curiosity, what do older citizens do? Like those in their 80s? Many here do not have a smart phone or mobile.
Wow, that is pretty hostile to the elderly. Imagine those who struggle to get about? Excluding them from society.
For banking and other official business, they have to go physically. If their bank has no physical department near them well then it sucks to be them. For digital mail you can apply for exemption and you will get physical letters.
You can order a digital code generator so you don't need the app if you still want 2FA for digital handling. But I don't want to have to carry that with me it would be a significant inconvenience for me.
I mean, it's been 15+ years since smartphones hit the market as a regular device, so those people where only in their mid/late 60's when that transition happened. And there are solutions in place for both digital access without smartphone and physical only access. I'm not sure I see how that is hostile to elderly or people that can't/won't use a smartphone or insist on physical access. Obviously physical access is going to be a hassle, that's why it's not the default anymore.
Usually not worth it, the website usually has everything.
I've been surprised by how many banking apps I've seen that don't require safteynet or google services (I thought basically all of them would require it). Some banks websites don't work very well on mobile, so that's some peoples reasoning.
Depositing checks is about the only useful thing I've seen on my local bank's app, but that only matters if you do business stuff with people who pay with checks.
My bank's 2FA works only via their app or via SMS. For SMS I would have to pay per each received SMS.
The app perfectly works without safetynet, with microG, rooted with magisk but hidden by zygisk, so I'm lucky. At one update they added a popup at start after login about asking to add my card to Google Wallet (or whatever it's called nowadays), and it's not implemented in MicroG, so I can't open it since that version. I just downgraded to the last working version and blacklisted its upgrades in Aurora, and I hope they won't block my old version in the near future.
It's a very progressive small local bank, I will contact them about this issue if they block my old version to make that dialog optional.
I don't use them. Web banking works completely fine for me. Back when I did use them, though, I always used them on privacy ROMs/GOS specifically. Went through 4 different banks and all their apps worked fine for me on GrapheneOS. No Google Play services either.
2FA must be done through the damn app. It's TOTP (six digit) but locked behind god knows what. I asked for alternatives and they looked me like I was a caveman.
I'm in the UK. I do not use them. I can login via website, and use text as 2FA. I do not need to use it out of the house but have that option if I want.
I pay via bank debit card.
I would be surprised if they app locked features. It would exclude elderly and probably be illegal.
Things you can't do with the website:
- Login with biometrics. Wants password and 2fa each time. As it should, but it gets tedious, especially when I want to confirm online payments (which need to be confirmed inside the interface after you login).
- No contactless payments. You can enroll a card into Google Pay but fuck Google, I don't want them seeing what I buy.
- No notifications, hope the bank is willing to send SMS instead.
- Bit more tedious to send money to someone because the website can't look up contacts by name, have to look them up separately and copy the phone number over.
most banks here require 2fa so theres that
and most block even it on custom roms
cant wait for this shit to be cracked already
I think your largest banks like your Wells Fargo's and Chase and Discover, etc. are going to take quite a long time to move to app only stuff if ever. However, newer entrants such as chime do lock functionality behind their app and make their websites really terrible. So I would avoid those.
I don't run an OS on my phone or laptop that could run a proprietary banking app in the first place. Can't be inconvenienced if you don't know what convenience feels like in the first place.
Website here is awful. Paste is disabled, it’s not optimized for mobile, it’s a PitA to use, & there is literally code to check if the user is running Netscape Navigator 4. The site has a weird encoding that doesn’t allow English punctuation, & to change your email or phone number requires physical documents, ID, & a wait period. The app is poorly coded & doesn’t work if you have root, are running a custom ROM, (& likely if you don’t have Google services)—so I do just use the site. …But if we are being real, I actually always keep cash on me & cash is preferred so while the problem is still relevant, needing the app/site isn’t dire.
What is really missing for my country on the site is QR code scanning for bank-to-bank transfers that a lot of vendors use & to do some bill payment. For instance, while I could set up the electric bill to auto-debit, my internet bill only has QR scan without a physical bank number I could transfer to (& the short list of utilities doesn’t include my net)—so I take a 25-minute bike ride in the heat once a month to pay that bill but I reward myself by getting to swing by the nearby-ish Hong Kong pie bakery to get a treat & a latte to make out-of-the-way trip feel worth it.
When I do have to use the site & since there is no QR code scanning, the workflow is:
- Login (I have a script to block their paste-blocker to use my password manager)
- Create a new recipient which requires a unique name, the account number + their banking service provider, phone or email, and 12-digit SMS 2FA code (no TOTP or FIDO2 option); this process is done on a desktop-only site which is hard to work with
- Confirm that with email
- Go to transfers, select my from account (despite me only having one account & no default preference option), find that user I created, fill in an amount, do another 12-digit 2FA
- Then they want to take a picture of my phone after the transfer for whatever reason reason
This process due to bad UX can take up to 10 minutes if they are not ready. So the tl;dr is to carry cash or hope an ATM is nearby.
I had discussed it with a local & he said there has been more push towards cashless brought on by businesses/government wanting to track everything & tourists demanding their privacy-invasive ‘comforts’ like $BIG_TECH_PAY & $CREDIT_CARD options despite most folks being fine with cash. Cryptocurrency is basically never accepted either.
If the day comes where I don’t have a choice, I will start carrying a second device with nothing but banking & similar nonsense that prevents my freedom to do what I want with the device I own. OP knows the website experience matter since it not only gets ported to platforms outside the mobile monopoly but sandboxes the banks for spying on your device & asking questions that aren’t their business like if I run an unGoogled ROM. Good thing there was a mass of pushback against Google trying to add attestestion to Chromium ore we’d enjoy the same nonsense on the web too where I’m sure Linux would be block by these goobers.
I live in the Netherlands, where there's a QR-code-based payment method called iDeal, which you need a Dutch banking app or little code machine thing to use. With my bank, at least, there are a few things you can do with the website that you can't do with the app, but for day-to-day use the app's fine.
