Hacker News new | past | comments | ask | show | jobs | submit login

Magick's root hiding module fixes this, and you're probably running Magick anyways to re-enable Google Play certification.



It's still funny that Banks infer rooting, and maybe even weirder, using a custom ROM equals a security vulnerability when usually the reverse is true.


Not really. My generally-reasonable local bank has a sign up asking people to remove hats and sunglasses (I don't). It's about pushing whatever they think helps their security, often at the expense of yours.

Google isn't going to use its control of your phone to directly transfer money out of your bank account - that would be illegal, so Google is not a threat to the bank.

You are under attack from Google, and taking back ownership of your phone is a necessary step to defending against this. It's just not the bank's concern.


I don't think they're referring to Google as the threat, but the fact that stock Android is often outdated and missing patches.


I guess there's that too. As someone that has strayed from the herd, I had forgotten about that whole planned obsolescence thing. Although the herd immunity does still somewhat apply to outdated devices, given the bank knows which Android version you're on, and can thus increase their prior that the device has been pwnt by 4th parties.


It gets worse. Log into Bank of America with a perfectly up-to-date Firefox on Linux, and you'll get a dickbar across the top of the screen stating "You are using an unsupported browser version. Learn more or update your browser."

Apparently, they've decided that Firefox isn't Firefox when it's not running on Windows.


I haven't tried this because I haven't used a bank application on an Android device, but how does it perceive LineageOS with its official SU capability? When the application asks for root, can you deny root in the prompt and the app will be none the wiser?


My bank is quite funny about this because even if you disable su on LOS it will write to a file that your phone has been rooted because of the cutsom rom, so even if you install magisk after the bank app freaks out, you still can't make it _forget_ that you had root. Also it takes a week to activate most features on the app after install, _sigh_, so uninstalling is pretty much not an option either.

The funny part is, when you first open the app after install, to stop root/rom users using some features, they just write a boolean to Android's shared preferences `USER_HAS_ROOT` or something. So _if_ you do have root you can just use a file explorer, or adb or something else go to the shared prefs file, change the value to false and when you relaunch the app, as long as magisk is installed, it works fine.

But no, my app doesn't like Los, and I think I even had to uninstall the inbuilt su of the ROM.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: