
> But then again, what choice do I have?

Unlock the bootloader, install Xposed and this module: https://repo.xposed.info/module/fi.veetipaananen.android.dis...




Google's Play Store requires screen grabs of payment screens when submitting. They recommend you photograph the phone with a separate device...


All those highly paid, highly educated people really and truly believe this to be a solution?


They absolutely do not, but this is the bullshit they choose to hide behind.


Sorry, it was the Google Pay verification, not the Play Store. I did it a few weeks ago, might have misread it but pretty sure that's what they wanted.


I believe there are even actual Google employees that read these forums. And barring them, I believe there are even tech executives responsible for these policies that read this forum.


Yes. Taking a photo with a separate device is reasonable evidence you're not breaking secure boot et al.

If I understand correctly.


It's as if the last 30 years of technical evolution never happened and we are back at faxing signed forms and, for extra security, applying triple rot-13 to guarantee no unauthorized access.


Yeah the big tech companies want to destroy the ecosystem of opportunity they benefited from, in order to protect their power. If it means a world with more needless bullshit for everyone, so be it


That can't be true because nothing would stop them from taking a screencap and then photoshopping it over a different picture.


Or just displaying whatever graphic they want full screen on a phone and taking a photo of that.


Sadly reminds me of the very early days of online video, where speed runners would video their televisions because screen capture devices were terribly expensive.

What's old is new again?


> What's old is new again?

I'm not so sure. Back in my Windows days (95? 98, maybe?) if I played a DVD on my computer, the window that the video was playing in would be black if I took a screenshot.


A lot of early computer DVD playing was using hardware accelerated decode, with the resulting images bypassing the framebuffer. That means it won't show up on your screenshots, but it wasn't necessarily detecting a screenshot and blanking the output (although, once software decoding was feasible, that may also have happened).


I remember this. I also remember the colour of the video window was something like 030303 and if you had that colour on any other window (including your wallpaper) you would see the video there as well.


Maybe you could run the app in an emulator and take screenshots on the host computer?


:facepalm:


Won't unlocking the bootloader make banking apps not work anymore? Had this issue when I tried LineageOS on my old phone, and I really like the convenience of those apps as opposed to using the website, which is extremely bad.

Also, how do I do all you said above? (I need a step by step tutorial). Also is it reversible? Are there any other security implications?


> Won't unlocking the bootloader make banking apps not work anymore?

Depends on how paranoid your bank is. There's this SafetyNet thing that checks for "system integrity". It's part of Google Services. For now, it's possible to bypass these checks using Magisk, but I've read that Google is testing the new method involving TrustZone — a hardware trusted execution environment within the SoC where you aren't one of the trusted parties.

> Also, how do I do all you said above? (I need a step by step tutorial).

There should be plenty on xda-developers.com

> Also is it reversible?

On Google devices, yes, completely. You can reflash the factory images that Google provides and relock the bootloader. On others... it varies, on Samsung especially.

> Are there any other security implications?

If you leave the bootloader unlocked, anyone with physical access to your device will be able to reboot it into the bootloader and load arbitrary code with OS kernel privileges. From there they'll be able to modify the installed system. They won't be able to read the /data partition [right away] because it's encrypted with your password/pattern.

IMO it's really a shame you can't re-lock the bootloader with your own signing key.


You can re-lock the bootloader with your own signing key on Pixels. GrapheneOS seems to be the only third party ROM currently taking advantage of it.


TIL about `fastboot flash avb_custom_key`. Certainly better than nothing, but seeing how it shows a warning on each boot in this mode, it most probably trips SafetyNet as well.


There is another called Replicant IIRC.

But it requires you to set up your own build + signing server in AWS.


https://github.com/dan-v/rattlesnakeos-stack

I haven't tried it, but I believe part of the reason that AWS is recommended is due to the build time.


The worst I've found is a few apps that complain and push a bullshit scare story at you ("your device is insecure" LOL. My house is technically less secure because I have a key to it, too). Bank accounts are commodities and most banks have no monthly fees with no minimum balances. The easy answer is to choose banks based on who doesn't engage in user-hostile shenanigans (see also: snake oil "2FA"). Moving between accounts over the course of a few months is quite easy, especially if you do not write checks.


The how depends on the phone model, but there are step by step instructions available for many. Eg https://www.xda-developers.com/google-pixel-4-root-magisk/

Also, if the phone has a vendor-supported way of unlocking the bootloader, it will typically also trigger a wipe / factory reset (presumably to keep DRM enforcers etc. happy).


The factory reset is to prevent extracting data from stolen devices. It's obsolete if the device is encrypted.


Your mileage might vary, but I'm using 4 banking apps (one of them even disallows taking screenshots in Android 10), and they are working on a custom ROM (LineageOS) with an unlocked bootloader as long as I don't install root.


In case you want to root, you can use Magisk Hide to prevent banking apps from knowing you've rooted.


> Won't unlocking the bootloader make banking apps not work anymore?

Is it not possible to unlock the bootloader but modify the OS to tell apps that the bootloader is locked no matter what? Can we do this with Xposed?


It's a cat-and-mouse game and unfortunately over the past handful of years it's been a losing battle for root hiding. It's why I gave up bothering with root despite having done it for nearly a decade.


>make banking apps not work anymore

If you live in a country where you have to use your phone for banking and can't use the web then you need to talk to your politicians. That seems like a pretty extreme violation of your freedom.

As much as I dislike the US at least we don't have that.


I live in the UK and have used 5 banking apps so far (not all of them at the same time):

- Barclays (App won't work with LineageOS, website is horrible).

- Monzo (App only, no website, works with LineageOS).

- Revolut (App only, no website, works with LineageOS).

- TransferWise (Web and App, both work well, but never tried it on LineageOS).

- ING Home Bank (App won't work with LineageOS, website is manageable, but still a pain compared to the app).

Of course I don't have to use any of these, but there are clear advantages to using any of them, depending on the situation (you wouldn't take a mortgage from TransferWise, split bills with Barclays, and hold foreign currency in Monzo, mainly because they don't support that). Also you don't have to use a phone, just walk around without one, make people email you instead of calling, and ask people for directions instead of looking at a GPS map.

My point is, I paid for my phone (me alone, nobody else chipped in) so I want to use every feature it provides without restrictions, as it is my property. That goes for both taking screenshots and using apps. And when it's not possible, I look for alternatives. Right now none are practical, nor feasible, so all I got left are tricks like scrcpy and rants on forums ;).


Question: if there's no website, how TF are you supposed to use Monzo or Revolut from a proper computer? Is there really no way to do something simple like xfer money or view balance without using your phone? If so, why did you even open an account, I'm assuming that since you are on this site you are at least a little bit technically inclined.

Just looked, and apparently Revolut is 1) app only 2) tied to a mobile number. So not only is it annoying to use, but likely also susceptible to SIM jacking. Again, why would anyone want to use this; I hate having to deal with Wells Fargo (they bought a loan I have) but even they seem less crappy. Not trying to hate on OP, I'm just shocked at how crap their service appears to be.


> Question: if there's no website, how TF are you supposed to use Monzo or Revolut from a proper computer?

You can't. That's why you don't use them for serious work.

> why did you even open an account

Different use cases, different circumstances. I don't depend on them but they give good exchange rates and zero fees when transferring or spending money abroad. It's the "it just works" and "fast and cheap" effect that the traditional banks don't have. And opening an account is done online, and you get access to your account in hours, compared to Barclays which took 2 months of ping pong, when I first moved into the UK (since I did not have a bill issued in my name at my UK address I could not open an account, so I could not pay my landlord rent so I could get an address to open an account, fun times). Without that Monzo account I could have not been paid in my first 2 months.

But if you want to know how crap Revolut really is, try contacting their support to report a bug in their app, they don't have an email, but instead ask you to get in touch with them on Facebook.


Oh wow, that's even worse than I thought. Thanks for the explanation, that does make sense. I wonder if they could get in trouble for AML, or possibly Barclays is just being overly picky with who they want as customers.

But seriously, not even a support email? Good God, I would trust PayPal with my money more than that; but I suppose they needed to hit all the fintech bingo buzzwords.


They have to do a KYC (know your client) check, which I assume they do a credit check on you, probably via Experian or another one of these. You also send a picture of your ID, and record a video of yourself saying "Hello, I'm $NAME and I want to open an account with $COMPANY".

The Barclays part is just an old practice. How I ended up doing it after two months was by having a letter from my employer stating that I'm registered with them at a particular address. But what I learned from somebody else that went through this, after those two months, is that they could have said my "home" address was the address the company is registered at instead. This is how they used to do it with other people that have hit this problem, it just didn't occur to me to ask for something like this, and it didn't occur to them to suggest this either since they assumed I had everything in order (since I already submitted my Monzo account for salary payments).


Revolut app doesn't break itself just because the phone is rooted though. It's mostly the dinosaur banks trying to do your thinking for you.


Monzo have a pretty comprehensive API that you can build your own web-based interface around if you wish. If you look on GitHub a ton of people have done that, all you need to do is clone the repo, plop in your Monzo API key and the job's a goodun.


Are there any banks that provide EUR accounts that do the same (Monzo is GBP only)?


Yes, Starling.


Both Monzo and Revolut have website access.


No, unfortunately this is wrong.

Monzo only seems to have a login for their business accounts. For personal accounts it's still phone only. And business accounts are a recent addition.

Revolut has a login now, but you can't do anything there, except viewing your balance and blocking your card. And this is a new thing, maybe a beta version, otherwise they would have officially announced it somewhere, like in the bragging emails they like to send from time to time.


Some banks and bank-like products only make themselves available by mobile app. It's a commercial decision, and seems to have been a trend with some "challenger" banks.

I have two of those, and I chose them because of unique banking features (not the mobile app) not offered by other banks which I found valuable. It's nothing to do with the country.

To be honest it would be nice to have web access as well (or even phone banking), but we take what we can get.


It's never safe to bank from a computer you can't control. I would always consider a phone to be compromised. These are the richest targets going for exploits so why risk it.


Although I agree with you, it turns out which banks and similar facilities you use can greatly affect the amount of credit you have access to, how you can use it, and how long the process takes.

During this pandemic I've found that to be a big deal, much more important than whatever technology or access method is offered.


In Thailand the bank I have, Kasikorn, charges for ATM usage outside of the registered province even from the same network... UNLESS you use their cardless withdraw that uses some QR code for TOTP that requires the app (that will attempt to block phones with root access). You can use the website as well for some things, but it requires SMS-based OTP with no supported alternatives.

I'd switch banks or at least branches to this new province, but my current visa won't allow it (and for whatever reason, you cannot transfer accounts but need to open a new one).


Yeah that's Thailand though. Your king doesn't even let you visit PornHub if he's not in the mood.


I recently opened 3 bank accounts.

It's not only the challenger banks: nowadays banks will also encourage you to use their app for 2FA. You can use a proprietary token instead, but you'd have to pay for it (the app instead is free). 2FA SMS is not supported with some banks (and that's good).

I think the UK is an exception, since for 2 of the banks I had accounts with, they just used a 2nd "memorable" password as "2FA" (avoiding the requirement of a smartphone)


Violation of someone's freedom is a pretty silly stance, when there's plenty of banks to choose from.


In which kind of bubble do you live where not making web apps available for your clients is seen as an extreme violation of freedom? As long as it is possible to go to the bank to do whatever you need to do, I do not think politicians have anything to say.

Sometimes you don't have to, but it's much more convenient. For example, I can use my bank app just with my fingerprint. To use the web app, I either have to login with my phone (reading a QR code) or have to use one of those devices where you insert your card and enter a couple of codes (if I find it...).


Dictating what you can use on a device you own or else they won't do business with you is rude & a clear violation of one's freedom.


If some bank tells me I have to use a certain app to do business with them, it's my choice to do it or not, but they are not violating my freedom. And I find saying this is an "extreme violation of your freedom" insulting for those who are actually seeing their freedom violated.


Does Xposed support Android 11 yet?

Can anyone vouch for this Xposed alternative that seems to be more on top of Android releases than Xposed, but also seems closed source?

https://taichi.cool/


> Unlock the bootloader

A dangerous game on anything other than Xiaomi phones these days, the only company to provide official bootloader unlock software, but yeah otherwise, go download it from some shady website and not have a care in the world about the most sensitive device you own.

> install Xposed

Last updated 2014 :\

You'd be safer shooting heroin into your eyeballs than installing Android root software from 6 years ago.

How on Earth is this advice allowed here?


Xposed has been replaced by EdXposed


There are definitely more manufacturers that provide an official way to unlock. For some others you have to remove the backplate and short some pins or whatever. These days it's probably more convenient to just use one of those root boxes though.


Prove me wrong anytime folks, I'm sure you can at least flail around and try, or at least mash the squeal button that you all like so much.

How exactly do you unlock bootloaders from modern phones (past 2 years)? You get jailbreaks from the internet and sideload them right? Do you disassemble the binary code? Does it void your warranty? Which mobile device manufacturers offer official bootloader unlocks today? There's only one I know of.

Did I happen to mention the big bad China company in a good light to warrant such disdain for my as yet undisputed comment? Is that the problem here?

[:)] https://repo.xposed.info/module-overview


You install adb from Google and run one command. That's how you unlock a bootloader.

As for root, yes you have to install something, which is Magisk, which is open source and vetted and has been around for around 5+ years.

My wife, who has never done it, just did it for her new Pixel 4a a few weeks ago. All I did was direct her to a step-by-step tutorial (I vetted the tutorial) and she did it flawlessly.


Motorola also has official bootloader unlocking.


My Samsung A40 from 2019 has an unlock bootloader option in the Developer Options. I didn't check what it does, nor did I google it, but it's promising.


The presence of the "Allow OEM bootloader unlock" is NOT an indication that the bootloader is unlockable, sadly.


Most Samsung phones are unlockable. But they have an e-fuse to prevent you from re-locking them.



