The problem with banking isn't rooting itself as an attack vector, but the insecurity and laxk of reliability guarantees of rooted phones so that banks rightfully don't want any liability when something goes wrong with their apps.

▲

fcpk 8 days ago | parent [-]

which is idiotic as you can have things like locked through adb root that only grants you root if you use adb to connect and you need to approve the request to connect on the phone first. This has nothing to do with guarantees but is just a security theater to sound like they are doing something

▲

gmueckl 8 days ago | parent [-]

My argument isn't as much about the tech as it is about managing risk on the bank's side.

Imagine claims like "the XYZ bank app mangled my input and now my money is gone". I'm certain that people have sued for less. How can the bank argue in court that this wasn't their fault? What if the plaintiff demonstrates some actual glaring app misbehavior in court, but the root cause is in a broken third party Android build?

	▲	palata 7 days ago \| parent [-]
		Are they "managing risk" or are they just "doing stuff"? How often does it happen that an alternative Android OS causes issues to banking apps? I have personally never heard of that, and it would be very bad publicity for the OS. In my experience, because a company does that kind of "risk management" does not mean, at all, that it is a useful thing to do.