You are viewing a single thread.
View all comments View context
-9 points
*

You deftly evaded the leading attack vector: social engineering. Root access means any app installed could potentially access sensitive banking. People really are sheep and need to be protected from themselves, in information security just like in anywhere else.

You don’t get a “accept the risk” button because people don’t actually take responsibility, or will click on those things without understanding the risk. Dunning Kruger at play.

Why is this prevalent on Android but not desktop Linux? Most likely a combination of 1) Google made it trivially easy to turn on, and 2) the market share of Android is significantly large enough to make it a problem warranting a solution.

The fact that you know how to circumvent it is inconsequential to the math above. Spoiler: you never were nor ever will be the demographic for these products, in their design, testing, and feature prioritisation.

permalink
report
parent
reply
19 points

Root access means any app installed could potentially access sensitive banking

That’s not how it work. Having a rooted phone does not turn it into a digital farwest were every application can do anything. It becomes a permission like everything else; if you only grant it to safe stuff (like, for example, not granting root to a single app but using it to customize your phone through ADB), there’s not much to see here.

permalink
report
parent
reply
6 points

In fact, it can be better: having root means you can arrange additional ‘firewalls’ between apps and your data , or omit/falsify sensor data the the banking app should not need, that the Google is unwilling to implement.

permalink
report
parent
reply
0 points

The word “potentially” was critical in the parent’s comment. A banking app cannot be assured that other apps are prevented from accessing its data when the phone is rooted.

permalink
report
parent
reply
2 points

So? If I, the customer, want to access my banking info, on my phone, with whatever means I want, I should be able to. As I said, it’s not like every app gets root access, if I, as the owner of the device, explicitly gave root access to something, it’s for a reason.

And the main point that a rooted phone can basically hide itself from any app remains; these “detections” are trivially bypassed in the exact situation they’re supposed to detect.

permalink
report
parent
reply

linuxmemes

!linuxmemes@lemmy.world

Create post

Hint: :q!


Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules
2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of “peasantry” to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
4. No recent reposts
  • Everybody uses Arch btw, can’t quit Vim, and wants to interject for a moment. You can stop now.

Please report posts and comments that break these rules!

Community stats

  • 6.5K

    Monthly active users

  • 1.3K

    Posts

  • 71K

    Comments