(Rant)

At somepoint, HSBC decided KDE Connect installed via F-Droid is less secure.

Photo of the HSBC UK app urging I install KDE Connect via GPlay or Galaxy Store

Then it decide non-whitelisted keyborads are a security risk. Only Gboard and Samsung Keyboard is confirmed within the whitelist.

Photo of the HSBC UK app telling me to switch input method citing security risk


I understand the point that risk can be introduce at various points, yet this is simply too much. Yeah there are people phone infected by malware but from Play Store. Not a single time I heard one ever happened on F-Droid distributed apps, at least not from the official repo. Also, I will put more trust on an open source keyboard than any proprietary keyboard.

Furthermore, I’m shocked that an app can read my app list, and current keyboard (introduced in Android 14). This just make building a profile much easier as I belive everyone almost have an unique set of apps they like. I don’t think any apps need such functionality. Why the f it needs to care what input devices I uses? This make me worry more about untold (aka burried deep in Privacy Policy) data collection.

  • @[email protected]
    link
    fedilink
    English
    442 months ago

    And then i complained that my bank blocked access if adb was enabled…

    If there’s no loan attached to that account, for me this message reads “sorry, we don’t want you as a customer. Please contact a bank teller to have a full refund, uninstall this app and don’t forget to leave a 1 star review”

    I’m not willing to compromise on this shit. My phone is my phone.

    • @RubberElectrons
      link
      English
      182 months ago

      Imagine one of my medical apps refusing to run because of adb…

      • @[email protected]
        link
        fedilink
        English
        5
        edit-2
        1 month ago

        My medical app doesn’t let me take a screenshot of the bill statement when I wanted to contest an upcharge.

        luckily there was still an option to download a pdf, but still there was no option at all to disable that BS.

        • @RubberElectrons
          link
          English
          2
          edit-2
          1 month ago

          That’s wack as hell.

          In my case, Medtronic does a lot to prevent inspection of how their apks work at all, encrypting and obfuscating the code to make open-source emulation extremely difficult.

          Luckily, hackers don’t quit.