by KETHERCORTEX
959 days ago
> First, if you copy the login page those assets are in the apk.

You don't need to store the assets in the APK if you can load a webpage.

> Third, and most importantly, if you reverse proxy the page then the app will appear to users to actually work. This is crucial for the bad actor

You don't need to show the working bank app if it isn't advertised as one. Name it "Government assistance program" with "application process" requiring logging in with bank credentials (to confirm identity, because the bank knows who you are). Then you can make it more convincing by adding some bs forms and stuff like "your application will be processed in two weeks". I saw this stuff already implemented and used.

They can add as many integrity protection layers as they want, but it won't trigger one. So it looks like a measure to say "bank apps are safe now, we are great guys" without real effect. I'd say that it may increase login thefts because users may get a false impression that anything they will install is safe now.