Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
logdahl 5 hours ago

Of course :^) I'm close to jumping ship to GrapheneOS, but as a Swedish resident I really need our digital id services, digital mailbox, and banking apps. I have seen their page on app support, but I am slightly afraid its not up to date / will break any time. I guess the solution is to use one banking android phone and one GrapheneOS for everyday use.

wolvoleo 4 hours ago | parent | next [-]

I just have an old phone for all the banking stuff. And I use degoogled phones for real stuff. I don't need my bank when I'm out anyway.

Not using grapheneos though because pixels are expensive in my country. Also, I disagree with them on some points, like rooting. I don't think me having access to root makes my phone less secure. Obviously it should be secured properly so only I can use it, but that can be done. After all even an unrooted phone still has a root account and runs stuff as root, you just can't access it as a user. That means the OS vendor (grapheneos in this case) has more access rights on my phone than me (how else are they going to install updates), to me that's not right.

I just want to be able to inspect what is going on on my phone. What apps are storing about me on their private storage, and to be able to add root CAs so I can MITM their traffic to inspect it.

prophesi 5 hours ago | parent | prev | next [-]

I believe GrapheneOS would only be an issue if the Swedish gov decides on using the Google Play Integrity API instead of Android's hardware attestation API (and requiring their apps to whitelist GrapheneOS's keys). So their stance doesn't really change much in terms of how banking apps currently work with GrapheneOS.

kungp 3 hours ago | parent | prev | next [-]

BankID, Swish and Swedbank's app work fine for me on GOS so I say go for it :)

girvo 5 hours ago | parent | prev | next [-]

Do the banking apps have features that the (mobile?) websites do not? Genuine question, I have no frame of reference for Swedish banks

amarant 5 hours ago | parent | next [-]

He's referring mostly to BankID which is a very secure MFA solution designed for banking purposes(all banks in Sweden accept the same mfa app) the inbox app is probably kivra, which is a email inbox which uses BankID for authentication, and is used for invoices and other "official business" mails.

There's also swish, which is instant payments to both friends and businesses. Swish also uses BankID.

BankID is also used to sign documents, file taxes, etc.etc.

Swedish society is largely built around this one official MFA solution, and having a phone where you cannot run it is a real hassle

smilespray 4 hours ago | parent [-]

Same in Norway.

izacus 5 hours ago | parent | prev | next [-]

You can't login to those without app as a 2FA.

fleebee 5 hours ago | parent [-]

I can only speak for my bank (Nordea), but they do offer a separate 2FA device you can order if you "can't use" your smartphone for whatever reason. As a solution it sucks, but technically you're not forced to use a mobile phone to login. I'd be surprised if other banks didn't offer similar fallbacks.

buckle8017 5 hours ago | parent | prev [-]

The less free states are starting to require remote attestation to send payments at all.

buckle8017 5 hours ago | parent | prev | next [-]

Sounds like your issue is with your government.

amarant 5 hours ago | parent [-]

It's not an issue, we're just spoiled. It's such an amazing convenience that anything else seems like a huge and unnecessary hassle.

There is actually more a second MFA provider that is accepted almost everywhere, including the tax authority. I forget it's name and I've never tried it, so I can't say too much, but presumably it provides similar functionality as BankID

varispeed 5 hours ago | parent | prev | next [-]

You can have these apps on a separate device that lives in a drawer like paper documents would. We need to separate state from private life.

debazel 2 hours ago | parent | next [-]

You would need to lug the device with you everywhere because BankID is used for all sort of things in Sweden. I couldn't even use a vending machine here without the BankID app.

intrasight 2 hours ago | parent | prev [-]

I am baffled that anyone on HN doesn't have an MFA device in their drawer.

surgical_fire 5 hours ago | parent | prev [-]

Likewise, my plan will be to have GrapheneOS as my "real" OS, and a cheap secondary phone for banking app and whatnot.

wolvoleo 4 hours ago | parent [-]

Exactly, works pretty well for me!