Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
I can't root my phone because I don't have an image for it (Moto G73) although I'd like to, but for some reason my banking app thinks it's rooted and refuses to work. This happened just after I updated it, it wasn't happening before.
Edit: I'm regretting not getting the Motorola Edge 40 Neo, which also costs £250, but is slightly better in multiple ways, and seems like it has better root support.
Install Kitsune Mask (just like Magisk install) https://huskydg.github.io/magisk-files/
Install PIF Next. It will automatically download new device fingerprints as Google bans old ones https://github.com/daboynb/PlayIntegrityNEXT
Google, banks, Microsoft, whoever else is aggressively checking for root. Please consider to eat my entire asshole. Thank you.
Edit: nvm I'm bad at reading, I missed that you couldn't even root your phone.
Wasn't there talk about Google deprecating SafetyNet? If this has already happened and your banking app is still relying on it, it could lead to a fslse positive on the root check I believe.
I was able to bypass something similar by using apps that create multiple instances of an app, I used Shelter (https://f-droid.org/packages/net.typeblog.shelter/)
How are you rooted?
Magisk Hide + Play Integrity Fix should fix it. Also hide all Google play services from detecting root.
I'm not rooted, that's the problem.
Maybe not ideal but I'm sure the web version of your banking app would work through a browser.
It does, but it's not designed for mobile. I would send a screenshot, but I don't trust myself to censor everything important.
Try to use a desktop, try different browsers if needed, if you cannot, you may need to physically go to the bank.
That's a fair point. My old bank which was pretty terrible I never installed their app and found the app just loaded a mobile version of their website so I just used that.
The website also makes me log in with 3 random digits from a pass code and sms verification every time, as opposed to the fingerprint the app required, so it's definitely more of a pain. The website claims to have chat feature to get support, but I don't see it even when I disable ublock origin for the site.
maybe a stupid question: But doesn't android sandbox every app? If every app is running in a sandbox, it shouldn't be too hard to pretend your phone isn't rooted.
If they check for a specific version number, like @RagingRobot mentioned, it also shouldn't be a problem. Just set that specific sandbox to return whatever version you want.
I am aware that 'just configure the sandbox' is not really an accessible solution. But a sandbox-config-master would be a great app for rooted phones.
Well apparently rooted phones can pretend to apps they're not rooted. Problem is, my phone isn't actually rooted.
Turn developer options off.
I use developer options on a regular basis, so that won't be a permanent solution, but I could test to see if it is that.
Do it, my local government app at least had the decency to explain it was the developer mode being on and not root.
I have too many gripes with banks and how they handle digital interactions.
They're a bunch of dinosaurs, both in what they support and how they support it. They're also in a position where they feel like they can do what they want and you just have to suck it up.
And for the most part, they're right, because all the banks are equally bad. A nontrivial number of the apps are just chrome running in an app window, security is a joke, they make you sign in with your card number which is plainly visible to anyone with eyes that is within a few meters of your card anytime you have it out of your wallet, they restrict your password so you can't use special characters or have it be long enough to actually provide real security, and they limit your 2FA options to SMS. Everything is terrible.
Even when you go into the bank or use the ATM, access is restricted by a fucking FOUR DIGIT NUMERICAL PIN and if you can even use a longer pin code, they don't tell you that and most systems assume your pin is four numbers and won't let you enter any more than that.
God forbid you lose your card, good luck going through the gauntlet of outdated information the bank is going to ask about for you to prove you are who you say you are.
They're all the fucking same and it infuriates me.
Banking tech is still run on FORTRAN and COBAL. It’s ancient and pretty much can’t be upgraded. Until there’s a major push for new technologies across all banking it’ll keep being this bad
They can create interfaces to buffer our experience with their back end (the COBOL running the actual transactions), which is largely what they're doing.
The COBOL back end basically just acts as the service that handles the data that represents the money and accounts.
Not having advanced security options, even as simple as complex passwords to allow clients to access their accounts can be managed by the intermediate layer between the COBOL service and the UI, and there shouldn't be a reason for such limited password length or restrictions on MFA.
The fact that COBOL runs they're back end doesn't excuse the terrible front end, especially on applications for mobile devices.
This has been thrown around as reason why things suck so hard, and bluntly, it's a piss poor excuse if you ask me.
Capital One provides OAuth for (budget) apps to access at least.
This happened to me once when I updated Android. The bank software had a check for a specific version and my version was higher so it thought I was running something weird. I had to wait for the bank to update the app to support the newest android version
Online banking has always been a disaster.
I remember when I got a new phone and I could not figure out how I was supposed to get the banking app on my phone so I called the bank and they said oh you just have to remove the app from your old phone.
Weird but ok.
Thing is, what if I don't have the old phone what am I supposed to do then banking app people? The rep really couldn't get her head around the idea that the phone was in at the bottom of a lake.
Then I had to go through this carry-on where I had to send in all sorts of bits of info and then the video of me waving just so they let me install the app again. And that's on top of all of the other security the banking app already has.
Then I had to go through this carry-on where I had to send in all sorts of bits of info and then the video of me waving just so they let me install the app again.
That sounds good. Otherwise anyone could steal your bank account by saying "I lost my phone."
They would still need my password to sign in so really they're just adding unnecessary layers of complication but they're not actually adding any security since anyone who can know my password can fake all the other stuff as well.
I'll go without a phone before I agree to terms like that. I refuse to go without my permission spoofing and privacy enhancements. I'm not giving them unrestricted access to my data, they'll have to at the very least try harder and waste more money on hackers than usual.