Wispy2891@lemmy.world 4 days ago
It’s almost already like this. In my country every single bank reinvented the wheel by creating a single-purpose app which does what Aegis does (OTP generation from a seed) but with some bits changed (one, for example, “encrypted” the seed with ROT13) and with draconian measures like bootloader must be locked, adb must be disabled, and are using literal exploits to see if you have “forbidden” directories on /sdcard like /sdcard/magisk even if no file access is granted.
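Added example, not part of the comment above and not any bank's code: standard RFC 6238 TOTP generation from a seed, and why a ROT13-transformed seed is obfuscation rather than encryption (the transform has no key, so it reverses itself). The seed is the published RFC 6238 test key; the function names and the "stored" value are constructed for illustration.

```python
import base64
import codecs
import hashlib
import hmac
import struct


def totp(seed_b32: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as generic authenticator apps compute it."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)       # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def rot13(text: str) -> str:
    """Keyless letter rotation: applying it twice returns the input."""
    return codecs.encode(text, "rot13")


# Constructed sample: the RFC 6238 SHA-1 test key, base32-encoded as in otpauth:// URIs.
SEED = base64.b32encode(b"12345678901234567890").decode()

# What an app that "encrypts" the seed with ROT13 would keep on disk (assumption).
STORED = rot13(SEED)


def recover_seed(stored: str) -> str:
    """No secret is needed to undo the transform, so it adds no confidentiality."""
    return rot13(stored)


if __name__ == "__main__":
    print("seed           :", SEED)
    print("stored (ROT13) :", STORED)
    print("recovered      :", recover_seed(STORED))
    # RFC 6238 Appendix B vector: T = 59 s gives 94287082 (8 digits).
    print("TOTP at T=59   :", totp(recover_seed(STORED), 59, digits=8))
```

A seed that needs confidentiality at rest belongs behind a real key, for example one held in the platform keystore, because anything readable from app storage plus a keyless transform is equivalent to the plaintext seed.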
Prime@lemmy.sdf.org 4 days ago
Wispy2891@lemmy.world 4 days ago
In order to log in on the bank webapp, a token must be generated on a dedicated smartphone with all the Google spyware installed, and the app that generates the token refuses to run if the bootloader is unlocked, or if the device is not “certified” by Google.
quick_snail@feddit.nl 4 days ago
Which country?
Wispy2891@lemmy.world 4 days ago
Isn’t it almost worldwide? By reading all the forum posts with us nerds damning the bank app developers for the anti-root checks, it seems a widespread problem.
quick_snail@feddit.nl 3 days ago
Nah, half of the credit unions in the US use software that uses TOTP for 2FA.
My bank in the EU does not, so I have to have a physical hardware token to generate OTPs, due to broken regulations.