
Where I bank is sensitive information. It has value, most especially to debt collectors, hackers, and adversaries. Hackers would love to have that info not necessarily to attack the acct but to write a convincing ransom demand. Google ties downloads to identities. The app can only be exclusively jailed in a walled garden if the source code is secret (and it is).

So users & the public can't audit the code. The bank is also untrustworthy. Perhaps you can trust your EU bank, but US banks are like a fusion between surveillance capitalism & police agencies. The only way to have a fighting chance at a trustworthy app is if it's signed on .


@wswartzendruber credit unions are a big bump up in trustworthiness, but even US CUs are jailing their closed-source apps in 's untrustworthy , so Google knows where you bank, as well as any insiders happy to sell that data.

@wswartzendruber Regarding EU banks, they are much more of a gestapo as far as keeping your place of residency on file. So I could envision them using the location tracking to check consistency. They would probably use an ATM locator service as a cover story for why the app needs your location.

@wswartzendruber Some European banks have started closing down web access to force customers to use their proprietary app exclusively from Playstore, which means customers without GSM service or who are unwilling to share their phone number with Google are denied online access to their account.

@wswartzendruber These ppl cannot do gratis money transfers, and they must either pay a fee for mailed statements or they must make a trip to their bank once a month.

@wswartzendruber And if you think you can get the app from some dodgy APK downloader and run it in a sandboxed Android VM, the answer is no. Some (if not all) bank apps are very good at detecting whether they are running on a VM, and the app refuses to launch.

@wswartzendruber And what about innovation? When the app is proprietary closed source, I can't add features. I can't code it to automatically grab my statement, sync with my ledger, and file it where I want it, and I can't port that code to my other banks.

@resist1984 @wswartzendruber Or they use a home banking program on their computer via HBCI. I don't remember having paid a single "transfer fee" in the 25 years using it that way.

So why not finally abandon the idea of that "mobile banking app"? There are FOSS solutions like Hibiscus you could use on your Laptop (if you insist on movable) or PC. Even using a live CD with Tails.

@IzzyOnDroid @wswartzendruber I'm talking about the banks that are 100% phone access only. There is no web UI anymore, and no HBCI. In Germany your reality is different than the rest of the world. HBCI is German; it hasn't even crossed the border into Belgium.

@wswartzendruber @IzzyOnDroid And since forced proprietary mobile phone apps have proven successful for banks, they have little incentive to start offering HBCI as proprietary apps are more profitable.

@resist1984 @wswartzendruber companies want HBCI, they don't do their banking via apps. So that's their incentive here.

@IzzyOnDroid @wswartzendruber then theoretically companies all over Europe would go to German banks to get that benefit, but banking across EU borders is usually blocked. I tried to open an acct in Germany and was turned away by the bank, who said "you don't live here and you don't work here, so no".

@wswartzendruber @IzzyOnDroid I also saw a post from a homeless German who was being refused a bank account, which he said he was legally required to have, because he could not prove his address.

@resist1984 @wswartzendruber @IzzyOnDroid The Postbank has been or still is the address for bank accounts for hopefully everyone, by law.

@resist1984 @wswartzendruber Another method to ensure you use a phone app is to proprietize MFA.

@resist1984 You misunderstood my pun. You and I won't be using Play, right? So with neither the source being available, nor the app outside Play – well, wasn't that effectively keeping us from using it? Why would we install closed source, and then even from Play? We wouldn't. So: it worked. And we didn't even come into the temptation of doing something that insecure as "banking on the smartphone using a tracker-ridden app". Win-Win 🤪

@IzzyOnDroid It works against us b/c we are a negligible minority. The bank can marginalize us & they don't even notice b/c the masses are onboard. *All* of my banks have apps exclusively in Playstore & Apple's store. One of my banks has been gradually removing web features to push ppl to the phone.

@IzzyOnDroid Another one of my banks has wholly discontinued the web, so the phone app is the /only/ means for access. This happened after I moved away from the bank, so I can't even transfer my money out. Since consumers are happy to accept this, the banks are fine with cutting us off. As our options shrink, the unwitting masses are being exploited. It's lose-lose.

@resist1984 I have never ever used any banking app on the phone. Neither do I use banking via website. They nearly always have HBCI (en.wikipedia.org/wiki/HBCI) because their "big customers" use that. And for what I cannot do that way, I give them phone calls. Or send in a fax. Worked fine so far. But that might be special for Germany…

@IzzyOnDroid HBCI is specific to Germany. It's great that it caught on there. There is also a German bank that uses PGP, so you can get encrypted statements via email w/no effort on your part. Outside of Germany it's a disaster. And even in Germany, I'll bet transfers by phone/fax or over the counter have a fee (this is the case for the phone-app-only bank).

@resist1984 @IzzyOnDroid It *is* a German standard, now called FinTS. But, it's just an xml based messaging standard, a bank should be able to adopt it. And it's published, otherwise Olaf Willuhn couldn't have written the Java open source finance framework Jameica and the PC banking app Hibiscus which produces messages my bank accepts. Though they hate that I don't buy their prog. 😋 willuhn.de/ Couldn't an NGO work politically for a standard, or found a co-operative bank?

@mupan @IzzyOnDroid In the US, banks don't follow standards. They do what they want. You would think that's a recipe for innovation, but no, they basically just mirror what the bigger banks are doing, which is totally bent on walled gardens w/proprietary UIs. There is an extreme aversion for risk in US banking. No bank wants to try something that's different that hasn't been done before.

@IzzyOnDroid @mupan You might expect the credit union that is endorsed to be doing something that respects your freedom, but no, they're no different than other CUs. They outsource the app, which ends up being the same proprietary Google Playstore app that other banks use, only with a different skin and custom logos.

@resist1984 Well, I get that, but they didn't establish a standard here for single people but for the companies and authorities. And since they benefit from a standard, we still have it. That's the only argument that might work. Well, currently that's not the highest prio issue in your country, but hopefully there's other times coming up for you. @IzzyOnDroid

Mastodon 🔐 privacytools.io