[iforgotpassword]

Also because ticking boxes. You just provide an app that fulfills all the silly security requirements for banking apps and then if something goes wrong, the customer has the burden of proving it's the banks fault.

I've had my banking app installed on an old Samsung phone running lineageos. I only powered it on when I had to do online banking. At some point I needed to update the app and they started checking for rooted devices, so it wouldn't work anymore. Now I've installed it on a much newer android device that I also use for a lot of other crap and sketchy stuff I don't want on my main phone. Also it's powered on all the time. Whether that's really more secure than what I did before is questionable.

[hsbauauvhabzb]

Maybe not for you, but rooted phones are a legitimate risk for users that do sideload pirated games and malware etc. I still think the risks are arbitrary, but I can understand why banks want to avoid rooted phones

[lucb1e]

Then they should also avoid rooted Windows machines where malware is a legitimate risk and orders of magnitude more prevalent than on mobile. Doing one but not the other is arbitrary and just pushes people towards having a locked-down device that they don't fully control with them all the time (can't uninstall tracking software from the vendor, for example). A locked-down computer that just sits in your office all day would be less worrisome

[hsbauauvhabzb]

If they could enforce locked down desktops, I’m sure they would.

[lucb1e]

They could have just chosen to not offer the service, but apparently that's okay