• @[email protected]
    link
    fedilink
    17
    edit-2
    9 months ago

    People like you or I may know what we’re doing with a rooted device, but I think the issue for the banks is that they can’t guarantee that someone with a rooted phone knows what they’re doing or isn’t using a malicious app, so they have to be cautious and block all rooted phones.

    An app that requires root may look like a normal app but it could be a trojan that modifies banking apps in the background (eg patches them on disk or in RAM so transfers done through the app go to a different recipient). There’s been malicious apps in the Play Store in the past, and rooted apps have way less oversight - some are literally just APK files attached to XDA-Developers posts or random blog sites.

    • @johannesvanderwhales
      link
      119 months ago

      I take your point, and I’m sure you’re right about the banks’ rationale, but in my own view it does not seem like it should be the banks’ decision to make.

      • @[email protected]
        link
        fedilink
        89 months ago

        As soon as a bank offers any sort of fraud protection, though, security becomes a bank issue (in addition to a “you” issue).

        Not at all saying I agree with the banks on this, but I think that may be part of the thinking.

        • @[email protected]
          link
          fedilink
          29 months ago

          This is a good point. The bank needs to do as much as they can to reduce fraud risk, and they’ve probably found some correlation between rooted phones and a higher likelihood of fraudulent transactions. Some banks block VPNs for a similar reason - when logging in from a VPN, it’s harder for them to tell that it’s actually you vs if it’s an attacker that uses the same VPN service as you.

      • @markstos
        link
        19 months ago

        Your risk exposure is that you could lose your bank account balance. The banks risk exposure is that they could lose every bank account balance exploited by the same rooted phone vulnerability. So they evaluate risk differently than you do.

    • sepi
      link
      fedilink
      1
      edit-2
      9 months ago

      bro I gave my nana root on her eye phone and by the end of the week she had hacked half of North Korea - the other half thought her actions were a good example of juche ideals. It was crazy ngl