
I’ll never forget when my damn Sonicare toothbrush app warned me about my iPhone being jailbroken. Had to have been a troll by the creators of the app since not even some of my banking apps had that warning.


When I rooted my Android phone a few years back, all of my banking apps worked (I had to use Magisk Hide for some I think) but the only app that would not work was the McDonald's app... Not that I needed it, I never go there, but I thought it was funny that their app was more "secure" than some banking apps.


I can tell you from a few weeks ago that Santander definitely does care and Magisk Hide does nothing for it.


Probably outsourced the app development and the contractors reused their boilerplate which included a jailbreak check.


As a security professional, I often get asked whether adding a root check is advisable. My general recommendation is to go ahead and implement it, but with a focus on data collection rather than taking action. For instance, you can log if a user is using a jailbroken or rooted device, without interfering with their experience. The responsibility for running a secure operating system lies with the users themselves, not the application. Applications that attempt to restrict how users utilize the app can be likened to malware.

Now, there might be instances where a business executive argues in favor of DRM or ensuring that certain coupons are limited to specific regions. In such cases, it's sometimes suggested as a requirement to verify if the app is running in a simulated environment or is rooted. However, I can assure you that if you lock some kind of value behind this check and then rely solely on the operating system to provide this level of security, there will eventually be clever hackers who find ways to bypass the protection. The same principle applies to business-to-business apps that demand extensive control. In such situations, you need to rely on other software solutions or provide dedicated hardware. It's important to refrain from attempting to take ownership of my device, considering it's already under the control of Apple or Google anyway... /sarc. If you require stronger guarantees, I suggest reaching out to them.


I wouldn't be surprised if the apps did notice, but didn't take any action because it might be a hairy legal problem if they get between you and your money.


Banking apps locking you out when jailbroken is a major pain point for those who do, so I doubt that there is any legal issue.



