Surely, it depends on your particular vendors, but don't you have any problems with banking apps and such? I honestly just don't know, didn't try messing with firmware in a while. Do you use Revolut or something similar?
The GrapheneOS community maintains a list of banking apps compatibility. In a nutshell, most banking apps that haven't been infected by Play Integrity work just fine.I have yet to find a US app that does not work, but some European banking apps no longer do. If switching banks isn't an option, my suggestion is to keep an old or cheap "certified" phone for that purpose. Most of us have old hardware lying around so that is a fairly natural solution. Note that flashing the OS on a Pixel is reversible, so one option is to go back to the stock OS after upgrading to a newer model.
Wow, thanks, didn't know about that. I am actually surprised how broad the list is. I was even about to say that it appears to cover everything I care about right now, but then it occurred to me, that Revolut (unlike some other banking apps) doesn't have its own NFC interface implementation and relies on Google Pay for that anyway, so it's a huge "fuck you". Because it's pretty much the primary reason to have a banking app installed at all for me.
In my country, we do. For starters, we use apps for authentication and notifications. We can debate whether web push is viable, but most banking apps simply do not rely on it. As for older people, I would rather they use an app than a website because it is far too easy to fall victim to phishing attacks, no matter how much we educate them.
OK continuing to play Devil's advocate: In my country my mom fell to a sophisticated spear phishing attack and whilst on the phone with the scammer and he leveraged her app's login to make it easier and more convenient to attempt to send her money via Zelle.
I wonder if there's really evidence to support that the app's protect you from phishing attacks.
I personally think notifications suck and are spam and not needed, and that we could make something new and better we don't have that today though. What do you use the bank authentication for in your country if you don't mind my asking?
I’m not sure about the formal evidence, but to me it’s quite straightforward. I installed the official banking apps on my parents’ phones and told them to use only those apps for banking. Nothing else.
If they use a website, they might mistype the URL or click on a fake link. They don’t really use bookmarks either. Even if they manage to reach the correct site or add it to their home screen, they still have to log in again each time they use it. The app removes all of that—they just tap one icon. Passkeys may improve web security, but they still have a long way to go for non-technical users.
Notification sucks, but overall I’m still in favor of it until we have something better. I’ve had to replace my credit card a few times due to fraud cases, and the same happened to my parents. Because we get instant notifications for every transaction or authentication attempt, we know immediately if something suspicious happens. That’s not really possible with web push, especially since our banks don’t support it.
Authentication is much better in the app as well. In the past, banks would ask lots of personal questions over the phone, which I’m no longer comfortable answering unless I made the call myself. With the app, the account is tied to one device, and biometric login makes it easy and secure. Any approval happens inside the app, which feels safer.
App is definitely not perfect, but for the majority of people (non-tech), it's just a lot easier and (unfortunately) safer for them.
Thank you. I had typed a response and hit hacker news post limits. So will just post I read this, and got a better understanding of this from this back-and-forth. Thanks.