undefined | Better HN

0 pointsS2011y ago0 comments

> Bank apps not running on phones where security has been compromised seems entirely reasonable.

I have root access on my laptop and I log in to my bank's website just fine. Making apps not run on rooted phones is just perpetuating the cycle of forcing users to comply with the restrictions placed upon them by Apple and Google. Root access != less secure. It means control over the device you paid for and own.

0 comments

lmz1y ago

I don't think the root permission ban is for the website. In most cases it's about how your phone + the bank's app has become the new hardware token / key generator. Before smartphones I could log on to the bank's website but any transaction will have to be authenticated using a hardware token (presumed secure). That's moved into an app now.

solardev1y ago

...and you're probably less safe as a result. In the 90s and early 2000s, running as root (admin) was the Windows default for home computers, and that's why we had such a malware and spyware problem then. It wasn't until UAC limited user and app permissions on purpose and Windows Defender became standard that it began to get better.

Root access for you means you have control, sure. But it often does mean you're less safe too, depending on your OS's security model and what other apps can run as you. That's why limited sudo and other "root ish, but only in small doses" models were made. And that's assuming you know what you're doing.

For Jane Grandma, root of any sort means power she'll never need and a footgun to lose her life savings with. It's a good thing mobile phones protect ordinary users from themselves. Most people don't need root access any more than they need the ability to reprogram the ECU on their car.

Besides, on a rooted phone, I thought there were already ways to fool an app into thinking it's not rooted...? Or did they change that?

j / k navigate · click thread line to collapse