• Wispy2891@lemmy.world
    3 days ago

    It’s almost already like this. In my country every single bank reinvented the wheel by creating a single-purpose app which does what Aegis does (OTP generation from a seed) but with some bits changed (one, for example, “encrypted” the seed with ROT13) and with draconian measures like bootloader must be locked, adb must be disabled, and are using literal exploits to see if you have “forbidden” directories on /sdcard like /sdcard/magisk even if no file access is granted.
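Added example, not part of the thread and not any bank's or Aegis's code: OTP generation from a seed as standardized in RFC 6238 (TOTP), plus a check that a ROT13-"encrypted" seed yields the same codes once the keyless transform is undone. The seed is the RFC's published SHA-1 test key; `STORED` and `code_from_stored` are hypothetical names for the obfuscated storage the comment above mentions.

```python
import base64
import codecs
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    key = base64.b32decode(seed_b32.upper())
    return hotp(key, unix_time // step, digits)


def rot13(text: str) -> str:
    """ROT13 has no key: applying it twice returns the input."""
    return codecs.encode(text, "rot_13")


# RFC 6238 Appendix B test key ("12345678901234567890"), base32-encoded.
SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

# Constructed stand-in for an app that stores the seed ROT13-obfuscated.
STORED = rot13(SEED)


def code_from_stored(stored: str, unix_time: int) -> str:
    """Anyone who can read the stored value can derive the same codes,
    so the transform adds no confidentiality to the seed."""
    return totp(rot13(stored), unix_time)


if __name__ == "__main__":
    t = 59  # first timestamp in the RFC 6238 test vectors
    print("8-digit RFC vector :", totp(SEED, t, digits=8))
    print("6-digit code       :", totp(SEED, t))
    print("stored form        :", STORED)
    print("code from stored   :", code_from_stored(STORED, t))
```
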

      • Wispy2891@lemmy.world
        2 days ago

        It’s not almost worldwide? By reading all the forum posts with us nerds damning the bank app developers for the anti-root checks, it seems a widespread problem.

        • quick_snail@feddit.nl
          2 days ago

          Nah, half of the credit unions in the US use online banking software that uses TOTP for 2FA.

          My bank in the EU does not, so I have to have a physical hardware token to generate OTPs, due to broken regulations.

      • Wispy2891@lemmy.world
        2 days ago

        In order to log in on the bank webapp, a token must be generated on a dedicated smartphone with all the Google spyware installed, and the app that generates the token refuses to run if the bootloader is unlocked, or if the device is not “certified” by Google.