
205 points ColinWright | 1 comments
sorrythanks ◴[] No.45082149[source]
> I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."

I disagree. Let's go with preferring user agency until banks are in trouble.

> Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.

I disagree. Ban users when they cheat, not when they have the power to cheat.

replies(1): >>45082171 #
ACCount37 ◴[] No.45082171[source]
Strongly agreed. Banking apps should run on anything that can run them. Banks should not be the gatekeepers in charge of deciding what's a "good" or a "bad" device.
replies(1): >>45092009 #
piaste ◴[] No.45092009[source]
What if the bank abstained from evaluating your own stuff, and instead provided you with whatever they consider a 'good' device? Like a powered-up version of the TOTP hardware tokens they used to provide 15 years ago.

Instead of negotiating over what you do with your own devices, when you open a bank account they loan you a small, cheap, ultra-locked-down phone-like device that only runs the bank app and biometric verification. You may still use a web interface for online banking if you want a bigger screen and keyboard, but regardless all transactions need a confirmation through the bank's device.

This way you're free to do whatever you want with your hardware (including even not having one!), without requiring every bank to support every possible platform under the sun.

replies(1): >>45092638 #
1. sorrythanks ◴[] No.45092638[source]
That's a nice idea! My main bank still provides one of those little TOTP devices to this day.