exe34 | 2 days ago

Last time I walked into the bank to do something, they tried to peddle their app. I giggled and said no, their developers don't understand security. My phone is rooted and their app won't work.
t_mahmood | 2 days ago

Unfortunately, I can say with 100% confidence that the customer service of my bank will not understand what a rooted phone is, or LineageOS ... And my bank's web app developers couldn't even fix their login bug for several months. I realize now it's because they want to sunset their web portal. Which is extremely annoying ... what if I don't have my mobile!! Lazy and greedy corporates, just trying to save costs with shortcuts, never realizing security is never achieved by taking shortcuts.
plqbfbv | 2 days ago

> I giggled and said no, their developers don't understand security.

Their developers usually understand security well enough. The problem, especially for banks, is that they're zero-risk driven; their ideal world is one where risk doesn't exist. So instead of mitigating it they chase risk elimination (!= reduction) at any cost, while middle management needs to report that they improved something for the quarter. This results in all these kinds of stupid policies, where a 6-year-old mobile, unmaintained for 4, is considered more secure than the weekly build of a community-based custom ROM running with a locked bootloader signed with user-managed keys with strong protection (these days it's almost infeasible).

EDIT: to be clear, it's normally not the developers thinking up these policies; I have worked in a bank.
out_of_protocol | 2 days ago

It's their security and not your security, don't mix them up.