←back to thread

Uncomfortable Questions About Android Developer Verification

(commonsware.com)
400 points ingve | 3 comments | 27 Aug 25 05:14 UTC | HN request time: 0s | source
Show context
whs ◴[27 Aug 25 06:13 UTC] No.45035995[source]
I used to run Shizuku for my phone to run Hail (an app suspension tool). Now that my credit card bank start checking for USB Debugging I stopped using the app (and now my 3DS OTP has to be over SMS). I believe there's only two banks left in Thailand that do not check for one and it is just a matter of time, because any time these banks could have hired any of those "security" people who will ask why don't we block that.

So I moved to Dhizuku. It's a bit hard to setup, but once I'm done it's felt like untethered jailbreak - I don't have to complicated dance to start Shizuku now. Dhizuku basically make your phone a company phone, except it report to you. To setup a "managed main profile" you'd need to remove all accounts visible in Android account system and type a long ADB command so I don't think it can be maliciously done.

I suppose this will be how we'll use F-Droid in the next year for enthusiasts.

replies(2): >>45036194 #>>45037193 #
cuu508 ◴[27 Aug 25 06:44 UTC] No.45036194[source]
Perhaps using the bank's website is an option?

I don't have a banking app installed on my phone. When I need to make a bank transfer I sit down at the computer.

replies(4): >>45036340 #>>45036346 #>>45036613 #>>45037314 #
1. pmontra ◴[27 Aug 25 07:04 UTC] No.45036340[source]
Not the parent poster but my bank uses its own mobile app for 2FA. No app, no website.
replies(1): >>45036472 #
2. cuu508 ◴[27 Aug 25 07:23 UTC] No.45036472[source]
Perhaps there's another bank you can switch to? Here we have a few mobile-only banks, but traditional banks with websites and physical MFA devices as an option too.
replies(1): >>45036669 #
3. ninjin ◴[27 Aug 25 07:50 UTC] No.45036669[source]
Sadly, traditional banks are very eager to get rid of dedicated multi-factor devices in favour of their own mobile applications. I have seen strong encouragement via nagging and some going so far as to start charging for physical multi-factor authentication devices.

Likely this gives them another way to milk information out of you, push their marketing onto to you, and saves them from having to manage physical devices. The obvious downside is of course a degradation in security and further cementing the duopoly and more or less forced participation in it that we as citizens have to endure.