Is there a bank that is usable with a Google-free phone?

Bernhard E. Reiter bernhard at
Tue Mar 23 13:24:19 UTC 2021

Am Freitag 19 März 2021 21:01:13 schrieb Jure Varlec:
> A dedicated device is a good option, IMO. 

Yes, this works fine.

> But I find it most interesting 
> that you still have SMS as an option. My bank (and others) used to offer
> the same service, SMS-based second factor. But now, representatives of
> every bank I talked to claim that the EU directive and/or the protocol
> used by credit card companies (3-D Secure, if I'm not mistaken; there
> are several marketing terms for the same thing) require use of something
> stronger, i.e. an app.

We could try to check:
Does the directive forbid SMS as second factor?

Some of the credit cards seem to go to the bank for an additional verification
and some banks seem to be able to use what they always use.

> I'm from Slovenia. I should have noted that fact,
> given that my question is tied to it, I just forgot.

No problem. I just think it may allow some people to comment
on the local conditions in your country (like having a recommendation).

> > Some general advise (which you probably have tried as well):
> >  * Some banks do not know which standard they are actually using,
> >    maybe some offer something a general app from can do.
> Which standard are you referring to? I know of no bank that would offer
> an open API to access their services. Spurred by your suggestion, I
> searched f-droid once more, and I do see Bankdroid there. Apparently,
> Swedish banks do offer some limited API, but it doesn't seem to go
> beyond showing the balance of your account. Am I missing something that
> will work with 3-D Secure?

I was thinking that for a second factor banks could potentially use
the standards for one time passwords, like HTOP or TOTP
for a random example app see
However I don't know if there is any bank offering this.
(If not, I'd be interested to know why.)

[Using the Aurora store on a non-google phone]
(Thanks for correcting my typo, Andrea. :) )

> If my information is current, Magisk and microG don't give you a working
> SafetyNet at this time. And I wouldn't want to rely on it for banking
> anyway because SafetyNet is an arms race so it's bound to break every
> once in a while. There's also the little issue that DroidGuard needs
> some proprietary software; it probably pales in comparison to a bank's
> app itself and the drivers needed to make a phone work, but still ...

True, it is an arms race, but hey, an emulated computer is also a computer
and if this it is mine, I should be able to run the software on it which 
pleases me. So the whole "tamper" protection is a two edged sword at least.

FSFE -- Founding Member     Support our work for Free Software: | contribute
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Discussion mailing list