bhhaskin 8 hours ago

Why is it on Google to stop this and not the banks?

igregoryca 6 hours ago

What can Bank X do to stop phone malware from scraping the user's session token from the Bank X app or website?

Yes, banks should (and sometimes do) double- and triple-check with you before allowing large transfers/withdrawals, but scammers know how to coach their victims past this. Speaking from experience.

(I also don't fully agree this is Google's responsibility, and I am not happy about this development. But there are legitimate points in favor of outsourcing the question of "will this software do nefarious things" to some kind of trusted signing authority.)

bhhaskin 6 hours ago

Don't do instant non-reversible transfers. Especially for a transaction that is highly likely to be fraud. I.e. a person transfers to someone you haven't done business with before or foreign accounts. Also the fraud detection needs to go both ways.

pas 4 hours ago

they can wait.

how would the clueless victim check anyway?

Gigachad 4 hours ago

Because they want to shake the image that the iPhone is for the average person while Android is for technical people who take the risk of malware and scams.

There are more grandmas who just want their banking secure than there are FOSS advocates wanting full system access.