"debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers." - Richard Stallman, The Right to Read, 1997
I only have Linux PCs (laptops) and servers, 100% of my work and personal stuff is done there (though for work I do need to hop into MS365, Google Workspace, Zoom, etc, hooray for browsers, my final firewall between me and the walled gardens, though we can have a whole discussion on that).
For mobile, we have PostmarketOS, Phosh, Ubuntu Touch. I really must try living in them, is it on me? IDK, our government even has an identity app for iOS and Android. I should not be using it, I should stick to web. But its so much more convenient. I'm just weak, aren't I?
Maybe I should go for Ubuntu touch, with an iPad on the side or something. At least my most personal device is something I control then. Or just keep my Linux laptop handy (or make a cyberdeck!). But I want a computing platform that does not require carrying a bag. It's kinda sad. Even GrapheneOS (one of the most personal and secure mobile computing experiences out there)'s future is in the hands of its greatest adversary, the one that does not want you to have a personal computing experience.
I cannot imagine a legal defense for forcing someone to accept the terms of service of Apple or Google to use their bank account.
My bank's app recently started warning me that I should "Turn off developer mode" for """security""" on every sign-in. This warning doesn't stop me from using the app yet, but I'm sure it'll get there.
It's impossibly convenient to be perfectly fair with you, however I know that my bank has stopped issuing the "BankID Card" (which was a card and pin device that allowed you to generate challenge numbers)- and now forces you to use the BankID app -- which will not run on rooted phones of course.
It's even slightly worse as the App requires NFC; so I can't keep a backup on my iPad (which is what I was doing before).
It shouldn't be a thing, but it is. In the Netherlands the newer digital-only banks are allowed to do this. No smartphone, no service.
The more established banks (systeembanken) do have alternatives, but realistically not using their app for login auth and transaction approval is a huge pain in the ass.
(My bank, ABN AMRO, has an app which thankfully works fine on GrapheneOS.)
My banks all require their own individual apps for authentication and authorization. I can use the website but to log in and authorize any transactions I need their app. Ironically this runs on my 8 year old Android 10 phone (used as a backup) so security can't be part of it.
https://grapheneos.org/articles/attestation-compatibility-gu...
I doubt very much that it is possible for this practice to be legal, i.e. to condition the services of an European bank of the existence of a contractual relationship with a third party, which is non-European.
Nevertheless, nobody has enough spare time and money to challenge legally such banks.
Now I do my operations mostly through other banks that still have browser-based online banking, but I have not closed yet my last account at such a Societe Generale subsidiary, because I have regressed to use an antique SMS-based substitute for online banking, which is good enough for that account, which I keep only for a credit card used mostly for shopping in supermarkets or the like.
On the last change my bank made me call to their hotline (even though everything else is possible to be done online) to keep using a separate hardware device - which ended up being just "so, you don't want to do it on a phone?" - "yep" - "ok, should be with you in a week or so".
I nowadays consider my phones pretty much throwaway devices - I don't have full control, I can't fully trust them. Plus they could be stolen, break when I drop it into water outside, ... - so I think it's ridiculously stupid to tie anything important to a phone as main authenticator.
Overall the usefuleness of a phone has been declining steadily - the selling point of a smart phone originally was that I have an app, and because it's a reasonably trusted device it'll store credentials, and I can use the app without logging in every time. By now most of the apps are just repackaged websites, and because of that - and because they don't trust their backends - we now have quickly expiring tokens in use in the apps as well. Most of the apps I don't use every day - and over the last few months every single one wanted me to log in again next time I used it.
Adding to that the nonsense of "there's a new app available, download that first before using" which typically doesn't add anything of value to me, and we're now at a state that not only does the typical smart phone app not offer a benefit over just using a website - it now often is even worse than just using a website.
I barely use my bank's website and could easily not use it at all and still have all the functionality that a bank provides.
In the Netherlands (and beyond) online payments (shops, Steam, etc.) are made via the IDEAL platform run by the Dutch banks collectively. That is a good thing, because payments are secure and easy, and no one needs a credit card. But that does mean using your bank's web service to approve those payments.
Using the bank's offline OTP hardware (where you insert your debit card and enter a PIN and the code generated by the bank's website for an OTP) is possible, but using the app is significantly less effort than that. There is very little point in resisting it. It's not a healthy situation, but it is the reality.
If you install the app then you are complicit in normalizing the requirement of signing terms of service and data sharing agreements to US technology companies in order to do banking.
Be the person that demands better. Be the squeaky wheel. Call politicians and press if needed. Stop this shit now before it becomes expected for school and healthcare too.
Feel free to say you are a member of the Church of Cryptography and that installing proprietary corporate controlled apps is against your religion.
Never been asked to install an app for banking, but a health care clinic dropped me as a patient for not buying a phone that can install their app. I was the first case where a patient refused to conform. Found a new clinic who was willing to earn my business with phone and email correspondence. The original clinic escalated the case to corporate HQ when I filed a public medical malpractice complaint, and they ultimately responded by adding a webapp.
DEMAND the right to live your life without corpotech in your pocket. I am now 5 years without a smartphone working as an engineer and founder with an active social life who frequently travels and it can absolutely be done.
The only issue I had on GrapheneOS was that I had to play with the location permissions a bit when I wanted to copy the BankID to GrapheneOS from another phone (I've got some pictures of that in this blog post: https://www.jonashietala.se/blog/2025/08/28/ill_only_buy_dev...).
All other Swedish bank accounts I've tried have also worked great (including Swish).