Yep, if you capitulate from the start than nothing changes. And you as a user are giving them a chance to lock you into custom OTPs (that are just little changed standard OTP to force you to use their app so they can track you, steal your contacts and god knows what else (i have reversed it, got the seed and i am running it from shell as I was sick of it) even if they have a classic web page.
Everyone just agreed that it is fine if certificates are no longer used for web apps (even with a fully standardized pkcs#12 tokens), everyone just agreed that bank is using some non-standard otp generator, everyone just agreed with everything. Now you will soon have to pay heating in car on monthly basis.
Stop agreeing. Start complaining. Now and you.
Sailfish on Sony Xperia 10 works like a charm, with working things that even modded roms are having issue with.
If you fight it back... I am running my banking app (that they have even if they also have a web based app) for 4 years now without any issues, they did a major rewrite in between, but quite frankly in most of cases Safety-net is just a bunch of sand into eyes of security, if implemented right it might have impact but at the end most of banking banks are reducing it to if statement (that i patched).
Yep, true that normal user cant do this, but this is users call. Complain to financial ombudsman, complain to the bank, demand a way for you to authenticate if you are paying for the product, complain bank supporting phone monopoly etc.
Harass developers that decided to verify if phone is rooted, prove in media that they are just a bunch of kids having a boner on security they don't understand (which is a huge fact in all annoying login schemes, from mail to sms etc., OTP was more than enough (sms... giggling... ss7 access on tor for 500 dollars monthly)
Actually you are addressing wrong problem. It starts somewhere else, when you want to use Bluetooth hardware that has a custom app to use it and you cant use it on Sailfish while you cant use it in Android layer as there is no bluetooth pass-trough. Here I vote with my wallet, not buying such devices and waiting for Sailfish to implement it.
Everyone just agreed that it is fine if certificates are no longer used for web apps (even with a fully standardized pkcs#12 tokens), everyone just agreed that bank is using some non-standard otp generator, everyone just agreed with everything. Now you will soon have to pay heating in car on monthly basis.
Stop agreeing. Start complaining. Now and you.
Sailfish on Sony Xperia 10 works like a charm, with working things that even modded roms are having issue with.
If you fight it back... I am running my banking app (that they have even if they also have a web based app) for 4 years now without any issues, they did a major rewrite in between, but quite frankly in most of cases Safety-net is just a bunch of sand into eyes of security, if implemented right it might have impact but at the end most of banking banks are reducing it to if statement (that i patched).
Yep, true that normal user cant do this, but this is users call. Complain to financial ombudsman, complain to the bank, demand a way for you to authenticate if you are paying for the product, complain bank supporting phone monopoly etc.
Harass developers that decided to verify if phone is rooted, prove in media that they are just a bunch of kids having a boner on security they don't understand (which is a huge fact in all annoying login schemes, from mail to sms etc., OTP was more than enough (sms... giggling... ss7 access on tor for 500 dollars monthly)
Actually you are addressing wrong problem. It starts somewhere else, when you want to use Bluetooth hardware that has a custom app to use it and you cant use it on Sailfish while you cant use it in Android layer as there is no bluetooth pass-trough. Here I vote with my wallet, not buying such devices and waiting for Sailfish to implement it.