Is there a bank that is usable with a Google-free phone?

Jure Varlec jure at varlec.si
Fri Mar 19 20:01:13 UTC 2021


Thanks for your feedback!

Bernhard E. Reiter <bernhard at fsfe.org> writes:

>> First, am I the only one who was caught unawares by this situation?
>
> At least it did not hit me, as my bank can do business without an app,
> they offered a small photoTAN device and still allow mobileTAN
> via SMS as second factor.

A dedicated device is a good option, IMO. But I find it most interesting
that you still have SMS as an option. My bank (and others) used to offer
the same service, SMS-based second factor. But now, representatives of
every bank I talked to claim that the EU directive and/or the protocol
used by credit card companies (3-D Secure, if I'm not mistaken; there
are several marketing terms for the same thing) require use of something
stronger, i.e. an app.

It's possible that it's not actually true; representatives that answer
phones and read emails only say what they are told to say and are unable
to discuss any details. I see two options here:

- The representatives are correct and some banks (like yours, Bernhard)
  are simply slow to make the transition from SMS-based second factor. I
  know that some merchants are slow, e.g. I can still use PayPal via SMS
  for that reason. If this is the case, it's only a question of time
  before all banks fall in line.

- Alternatively, it's not true, it's just that the banks here are
  pushing hard for everyone to switch to apps, using the EU directive as
  an excuse. I don't know what the incentive for that would be, though.
  I mean, banks don't change infrastructure for no good reason. And
  besides, they seem to have worked pretty hard to make the January 1st
  deadline.

Either case seems pretty bad to me; the only difference is that the
first case is EU-wide while the second is more local. I wrote to this
list because, given what I was told, it seemed to me that it's an
EU-wide issue. If it is not, it would be interesting to find out why.

>> Second, does anyone know a bank that is usable with Free Software only
>> and will serve international customers?
>
> It would be good to know in which country of residence you are.

Oh, it's no secret, I'm from Slovenia. I should have noted that fact,
given that my question is tied to it, I just forgot. Sorry.

> Some general advice (which you probably have tried as well):
>  * Some banks do not know which standard they are actually using,
>    maybe some offer something a general app from f-droid.org can do.

Which standard are you referring to? I know of no bank that would offer
an open API to access their services. Spurred by your suggestion, I
searched f-droid once more, and I do see Bankdroid there. Apparently,
Swedish banks do offer some limited API, but it doesn't seem to go
beyond showing the balance of your account. Am I missing something that
will work with 3-D Secure?

>  * The Aurora Store app from f-droid.org can help to download
>    apks from the play-store without an account. This can be helpful
>    in some cases.

Very true. In the case of my (now former) bank, though, the app
downloaded using Aurora refused to work even on a stock Samsung, not
rooted or anything. It just wasn't linked to a Google account. Which is
probably related to your last point ...

>  * SafetyNet may be required by some apps (though this does not
>    make that much sense); https://www.xda-developers.com/how-to-use-magisk/
>    can hide that a phone is rooted to try to get past that check.
>    (However, that did not work last time I've tried.)

If my information is current, Magisk and microG don't give you a working
SafetyNet at this time. And I wouldn't want to rely on it for banking
anyway because SafetyNet is an arms race so it's bound to break every
once in a while. There's also the little issue that DroidGuard needs
some proprietary software; it probably pales in comparison to a bank's
app itself and the drivers needed to make a phone work, but still ...

Thanks,
Jure