> Use your banks website. Installing a banking app is asking for trouble.

If you can. In order to be able to login to my bank's website I need a OTP which is generated by... can you guess? Yes, their app. Which I can now only run if my Android settings meet their standards. The other day it took me half an hour to access my banking because the app kept complaining that my device wasn't "secure", until I figured out the magic combination of settings to undo to make it work (including for third party apps that should be none of the bank's business).

▲

const_cast a day ago | parent [-]

There are numerous TOTP services that we know are perfectly secure.

They should just use one of those. These banks are assholes. They're trying to get you to download the app for advertising, marketing, and data collection purposes. Not security.

	▲	tomatocracy a day ago \| parent [-]
		This is in part driven in turn by regulations like PSD2 in the EU requiring "Strong Customer Authentication". Most banks seem to have decided that a TOTP-style challenge does not meet the requirements of the regulation (this may even be an explicit ruling, I don't know).