GrapheneOS

[cckuhqilfownnfctux]

because there is no "bank app" for a laptop or desktop. my banks force their customers‌ to use a smartphone.

I'm not talking about bug reporting but about⁠ all networking functions. for example by default you use GrapheneOS's DNS servers instead of Google's,⁤ so now GrapheneOS knows which sites you visit.

 

[cherry]

Sure. I was referring to‍ the 1/5th that still have the web version.
But who is the "you" visiting the sites? There is no account or identity tied to⁣ the phone. Take the Jan 6 protests: Apple and Google told the government who was⁢ there because those people have Apple and Google accounts on their phone, plus likely a︀ phone contract. If you're on a PAYG or some other unregistered phone, there is no︁ "you" tied to it unless you get sloppy.

 

[cckuhqilfownnfctux]

of course I use the web version with these banks! 😀
by the‍ way these old-school banks who still maintain a web interface are the least troublesome. I've⁠ had almost no problems with them, for example once my account was blocked, I've called⁤ the bank and the support told something like "please come to the nearest branch with⁣ your passport", but after I've said that I reside in a different country they've answered⁢ "okay we will check what we could do", and unblocked the account on the same︀ day, without a 2nd phone call.
and the most troublesome banks are those new-school banks︁ with smartphone apps and "neobanks" that work fully online and do not even have physical︂ branches.

well I did not check it myself but I believe each Pixel has an︄ unique ID and shares it with GrapheneOS servers. if you are curious you could create︅ a WiFi connection on a laptop, connect your Pixel to a laptop and sniff its︆ network requests to see what it sends.
sorry, I am too lazy to check it︇ so I will just keep my belief.

 

[cherry]

Agreed. I only use old-school banks, if I have to use them︂ at all. I suppose if I did have to use one of the app-only platforms,︃ I'd do it all on a tablet or some phone that is switched off the︄ rest of the time. There are also Android emulators on Desktop that I've used in︅ the past.
Yes there︊ probably are unique IDs - MAC address, IMZI, IEMI - but as long it is︋ not tied to your identity (like an account with your name on it), all that︌ is recorded is phone#676329763 watched a p***O site. VPN and MAC spoofing will help further︍ obfuscate your identity further.

 

[cckuhqilfownnfctux]

I do not mean⁤ MAC/IMEI/IMSI/etc but some kind of an "advertising ID" used by all generic Android phones. if⁣ you have one without GrapheneOS you could find that ID somewhere in the settings.

 

[cryptofriendly]

Show me one bank in SEA that still offers web‍ banking, I would be glad to switch.

Regarding Japan, they all still offer it, but⁠ you can't have an account as a non resident.

 

[intlman]

While I try and avoid banks like the‍ plague, HSBC (HK and SG) still offers web-only banking (complete with a physical security key).⁠

 

[daniels27]

Yes. But‍ you won't be able to use certain functions like the free send as a local⁠ function
https://www.hsbc.com.hk/transfer-payments/products/international/

Also, afaik you can only add recipients in the app, while you can⁤ only remove them in online banking.

I honestly do not know what that app fuss⁣ is about. Why not just use online banking and let users "install" the webpage like⁢ you can do with OCT. If they then resort to passkeys for login, it would︀ be both safe and easy on both phone and computer.

Maybe it is just me,︁ but I never understood apps when they emerged nor do I now. It is just︂ a html container pinned on a desktop for the very vast majority. No need to︃ compile code etc.

 

[cherry]

GrapheneOS has no Advertising ID:

"The advertising⁠ ID is a Google Play services feature not included in the baseline Android API, so⁤ it isn't an API included in GrapheneOS."
https://grapheneos.org/faq

If you use these phones sensibly, it's⁣ much safer than Google or iPhone.

 

[cckuhqilfownnfctux]

the majority of the "apps" are indeed just⁠ a web browser opening the app creator's website.
but remember that your data is money,⁤ the more information about you they could steal the more money they could earn by⁣ selling that data to the third parties. while the generic web browser on a computer⁢ leaks a lot of information about you, this is almost nothing compared to a phone︀ app which could steal just about everything, including your cat's maiden name, what you eat︁ for breakfast and what color is you shít afterwards.
so this is the true reason︂ why everybody is closing their websites and pushing the "apps" instead which are nothing but︃ a web browser with one single predefined website.

 

[daniels27]

Exactly this. But what bothers me from that perspective is:

• Banks claim it to be for security / data protection reasons.
  
• The customers have little power⁠ to prevent this.
  

Maybe the accessibility regulations if the EU will change something but still⁤ I am feeling unwell that the market itself has little influence. We once had a⁣ long discussion about this, but seems somehow regulations are the only way.

 

[0xDEADBEEF]

You’d think so, but regulations are actually pushing banks to collect even more data. Take the‍ Netherlands for example, the government is pushing Telcos to share call data with banks under⁠ the excuse of fighting technical support scams. It’s a slippery slope, and it’s hard to⁤ ignore the bigger picture: more surveillance, less privacy, all wrapped up as fraud prevention.

 

[cherry]

For Android emulators, I use Waydroid for Linux. While I haven't tested a banking app,‌ I've tested other apps like WhatsApp and it works seamlessly. I think the banking apps‍ are worth testing out.

 

[cherry]

Another reason to switch to GrapheneOS. The UKSSR is taking the lead as usual.

 

[void]

so after a short experience on Pixel 9 Pro I can tell this
- installation‌ was easy, the system is stable
- I feel more in charge and like actually‍ owning the device (might be a false feeling though 😉) compared to classic Android
- the battery life improved significantly
- it's not a solution for an average Joe (I⁠ guess not meant to be) as I feel exactly like after first time installing VMware⁤ ESX - you get a minimal layer on top of the hardware and the rest⁣ is your job (one has to create it's on DHCP server, firewall and NAS to⁢ be able to move forward) and the same is with Graphene OS... one has to︀ design his own "architecture" from scratch - not saying it's necessarily wrong, but definitely something︁ with a potential to push away many users
- a little disappointment (or lack of︂ knowledge/experience?) is no support for isolation of apps inside the same profile which is something︃ I intuitively expect as most of the apps should have zero need/information about what else︄ is running in the same system and no ability to touch the data of other︅ apps - to achieve this with profiles is practically impossible as I would end up︆ with tens of profiles
- also built in firewall would be something appreciated as granting/revoking︇ network access is mostly insufficient and a fine-grained control over the network activity of the︈ app would be very useful

 

[daniels27]

You report it appreciated. Will you keep using this as your primary phone?

 

[CryptoKnight]

I use it for my special work phone and absolutely love it! It's fast, simple‌ and minimalistic in design and like the user above says it does make you feel‍ more in charge and like you actually own the device. While you can never be⁠ a 100% safe when it comes to any electronics it does make me feel as⁤ safe as I can be with a smartphone. Of course if you don't have any⁣ OpSEC it doesn't matter what system you have. It does have a lot of cool⁢ security features such as automatic reboot (which puts it into BFU mode), you can change︀ permissions for the USB-C port to only allow charging (meaning no data transfer), you can︁ randomize your MAC address on WiFi networks and many other useful security futures. Sure, you︂ can't use a lot of banking apps, but there are other solutions for that like︃ using a separate phone/tablet for that specifically.

If you ask me everyone involved in sensitive/confidential︄ businesses should be required to have one. In fact everyone I work with seriously is︅ required to have one (yes I live in EUSSR) even worse (SwedenSSR) where they don't︆ even require a court order to listen to you or your relatives phone calls, read︇ your messages, etc. Only the Paranoid Survive!

You can use an app called︌ Shelter to create a clone of each app you have, this doesn't require you to︍ switch between profiles and you can use them simultaneously. It's very useful.

 

[void]

yep, I'm aware, currently using Insular for⁠ the same purpose
I just wish graphene would have native support for app level isolation⁤ as profiles are to coarse... but it's just me, might work well for others

 

[void]

with Android 15 comes also the Private Space feature that is native and one doesn't‌ have to rely on a third-party app... however the design is rather idiotic as it's‍ one single private space shared by all your "private" apps - not sure who can⁠ come up with this 🙄

 

[kunafa]

I am using GrapheneOS and all banking apps (about 5) work without issue. If you‌ can live without AirTags/Find My/Apple Pay/Google Pay then it's totally worth it to preserve some‍ autonomy over your digital life and break free from Google/Apple ecosystems.