undefined | Better HN

0 pointshiatus1y ago0 comments

> Hot take: rooted phones are inherently less secure.

My computer is rooted, making it inherently less secure than my phone, yet I have no trouble accessing my bank website. What threat is a bank protecting against by disallowing app usage on a rooted phone?

0 comments

kalleboo1y ago

When I access my bank from my computer, I need to authenticate using a secure token, where my options are an RSA-style dedicated device or a secure (non-rooted) smartphone.

twelve401y ago

great question! probably historical reasons:

* computers have always been "rootable", so the banks can't do anything about that

* phones work with "apps", which are viewed as more dangerous than websites. So they came up with the concept of app curation (monitoring large appstores for lookalikes and viruses), and by rooting/sideloading you are violating that model.

* Repackaging a legit app into a malicious lookalike is relatively easy on Android, but harder to distribute if you combat rooting/sideloading.

* if your phone is rooted the bank may be concerned that you could be more susceptible to installing dangerous things, including apps that intercept your 2fa.

You can argue whether these points held up over time (or whether they make things more secure), but that seems to be why they do it. It costs them relatively little to try to combat rooting but potentially liable for losses if people get phished/hacked so...

throwaway2901y ago

> What threat

The threat to majority. Very very few people own a computer than a phone. And those people are much more tech savvy.

j / k navigate · click thread line to collapse