Do you do your #banking on a #phone? Can you do it with #FreeSoftware? I did some research for the @fsfe and now published my results: https://lists.fsfe.org/pipermail/discussion/2024-February/013383.html What’s your experience here?
banking and Free Software

@floriansnow @fsfe i use banking webapps installed as PWAs
@cybertailor @floriansnow @fsfe And how do you handle authentication?
@floriansnow @fsfe mostly one-time SMS codes, while some banks allow to set a PIN code to their webapp
@cybertailor @floriansnow @fsfe And the PIN is then the only thing needed to do a transaction?
@floriansnow @fsfe transactions between my bank accounts don't need confirmation. Everything else — one-time SMS code
@cybertailor @floriansnow @fsfe That’s good to know! I’m curious how long the bank will support authentication via SMS because many banks discontinued that due to security concerns.
@floriansnow @fsfe two apps on the same phone also don't give much security, as you've noted
@floriansnow @fsfe For people in Slovenia there is a similar online banking analysis made by @hook
https://www.na-prostem.si/clanek/suverenost-uporabnika-slovenskih-mobilnih-in-spletnih-bank
User sovereignty in Slovenian mobile and online banks

We analysed the online and mobile banking of 16 banks and came to fairly mixed conclusions. For example, all the online banks work on Firefox and Linux, but only 9 work without needing a smartphone, and only 4 offer a usable transaction export. If we want to be independent of Google services, only 11 banks remain an option.

na-prostem.si
@JRepin @floriansnow @fsfe @hook Thank you! That’s very good to know!
[LIST] Banking Apps on /e/OS

This is an editable list of banking apps that work on /e/OS. Please enter details only after you have tested all features of the application. If some functionality is not working mention that in the comments. Looking for contactless payment? See this article. TLDR: Curve app for customers, Zettle app for merchants. Country Bank App Name Status Comment WorldWide Revolut Revolut Works only with pre-installed /e/OS and locked bootloader Confirmed working on Murena Fairphone 6 with prein...

/e/OS community
@hook @floriansnow @JRepin @fsfe Thank you! However that’s a list of non-free apps, right?

@floriansnow @JRepin @fsfe yes, but those that work on AOSP (+ microG), so at least they work.

There's many that require Google Play Services.

@hook @floriansnow @JRepin @fsfe True, at least that keeps the system itself mostly free.
@floriansnow @fsfe
I use GnuCash as well as Hibiscus with JVerein for a German association.
Both work with chipTAN

@floriansnow @fsfe

All applications are available in the @debian repo

@floriansnow @fsfe No, I use non-free software for the convenience. But I will transition when I move away from phone numbers to self-hosted mail / XMPP.

@floriansnow

@fsfe

Can't do with #freesoftware. Poland here. Requires Google Play Services. God knows why? Using a separate profile on my #grapheneos phone.

@as400 @floriansnow @fsfe It really sucks because there’s no real reason to lock anyone out.

@floriansnow @fsfe Italy, big bank.
Just the original app, obligatory installed from the play store.
It asks for your pin to enter, to perform operations, and to login from the desktops.
Tied I think to your mobile number or id.
No way I can login using free software.
In very special cases you can ask for a physical OTP, but it's very expensive.

I think one part of the discussion should be on how people deal with pins, passwords or even key files. Lost, shared, written on a post-it ...

@rickyx @floriansnow @fsfe Do they have an answer to saying “Your app is not available on my app store?” (F-Droid)
@floriansnow @fsfe I tried with Aurora store but they block the app. Talking with support they told me it should be installed from the app store.
@rickyx @floriansnow @fsfe Well, Aurora is the Play Store. What I meant was saying something along the lines of “I don’t have this store on my phone. What now?”
@floriansnow @fsfe they can recognize the flow differs, don't know how.
They don't support other ways.
So buy a new phone or close the account.
They are huge, we are a niche: they don't mind or they simply don't think it is a good trade-off between security, costs, support... I don't know...
@floriansnow @fsfe ah, ...or use the physical OTP with costs, don't remember exactly but too much without reason, just to push people on the app.
@floriansnow @fsfe I've been using a @murena smartphone under /e/OS for a month now, and whether it's for pro/associative/personal banking, the default apps of my banks all worked pretty well. They are not #freeSoftware but they run on a free OS 😜
First, all were available on the App Lounge (the /e/OS store), which is a good start.
Then, most features work, including TOTP on all my banks. Except:
- Contactless payment (not supported by microG)
- The optional "smartphone pairing" feature of 1 bank
@floriansnow @fsfe @murena That "pairing" is not compulsory to perform risky operations since SMS is a fallback option. The feature advertises itself as "a way to validate operations through push notifications instead of SMS".
I could not activate it because "check that you are using an official Play Store". It probably relies on some proprietary Google "security" service that tells that the smartphone is bricked or whatever. So I complained arguing that I use the official store of my phone 😁
@myoan @floriansnow @fsfe @murena I think that’s a very good way of approaching the bank. How did they respond?
@floriansnow @fsfe @murena Currently they just forwarded the message to their technical team because 1st-level support probably does not understand much.
I expect a basic "sorry, your phone is unsupported", though. But if every /e/OS user made that reporting effort, that could only improve awareness of non-Android-and-non-iOS phones
#ToBeFollowed ...
I use the same approach to raise awareness about Fedi:
Every time I receive a satisfaction survey, in the free comments I complain that their service is not represented on Fedi (especially for public services).
When I'm asked "How did you hear about us?" I usually lie and tell "via Fediverse". It's been true 2 or 3 times though 😄
@floriansnow @fsfe Surprisingly, the bank acknowledged that I was running a non-Android phone and proposed to download the Huawei AppGallery store in order to finally download the bank app designed for Huawei phones. That app version is de-googled because of the American sanctions on China. However, that version of the app caused other technical problems so I could not even attempt the pairing.
Thus, that ended with the expected "sorry our app is not compatible with /e/OS phones".

@floriansnow @fsfe The bank I currently use (ING) supports FIDO2 in the web browser, which I had to activate in person.

The remaining hurdles are:
- the regular login page uses shadow dom and breaks bitwarden
- the password is masked, which would already make things more annoying, but combined with the previous point it's a real PITA

In Poland there's also a code-based payment system called BLIK that's shared among banks and is quite convenient, but of course the only way to get the BLIK codes would be to use the proprietary app, so I'm forced to just use my debit card for online payments.