[jdiff]

Rooted devices don't enable that transaction. That's all social engineering.

[mike_hearn]

It's all social engineering now but that's because phones are secure and remote attestation infrastructure is in place.

Go back fifteen years and malware is absolutely submitting bank transactions after the user does a 2FA.

https://krebsonsecurity.com/2010/03/crooks-crank-up-volume-o...

[jack_pp]

and grandmas don't root their devices.

[pixl97]

As a devils advocate grandma would have no idea if she was buying or got her device rooted by someone else.