Your bank will certainly implement this
My brother in Christ, it was 2020 before my bank supported passwords longer than 8 characters. We have 30 or 40 years before we need to worry about the banks.
Some banks are still running windows 98 internally, admitedly so long as said system isnt connected to the internet it should be fine.
Lol, not to mention Cobalt and other horrors that are lurking in Legacy systems no one has looked at in 50 years.
I’m thinking mainframe terminals, where the character has to be in the right place on the screen in order to store something in RAM.
Even worse, how many systems are still using punch cards? How often do those cards need to be replaced?
You may think so but hackers have managed to access data on air gapped computers
@xavier666 @vaultdweler13, it’s true, For internal use with PCs connected to the central server itself and not to the network, it is used for compatibility with corporate software, sometimes still very old Windows. This, when using it on the one hand only in a specialized way and on the other hand only locally, is more than enough. The same in factories in production for the automation of some valve or machinery with repetitive processes, a super-pc with a NASA OS is not needed.
Have you ever rooted an android phone?
The google SafteyNet Attestation is the precursor to browser DRM. It’s essentially phone DRM.
There are many banks that have apps that require you to pass at least the basic level attestation, if not the CTS profile matching that fails the moment you modify any system level resources, even the bootloader
luckily you can force disable CTS so it falls back on the basic level, for most apps at least. You will never have access to Google or Samsung pay though, as it actually knows your phone model should support CTS and will autofail if it no longer reports that it does.
Alongside that apps like Pokemon GO and Netflix also require at least basic attestation to function - demonstrating the DRM and anticheat capabilities of such a system.
https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf
This can help you pass CTS. It worked for me. Funny thing is, I don’t even remember which app I did it for. Whatever it was, I ended up not using it after all the trouble. As for my banking apps, they only care about root, so Magisk’s denylist does the job.
Nah, I’m still running a stock ROM on a pixel 3a. Looking at this guide, it looks like this tool is dead. So unless it works on android 12, I can’t use it.
Enabling strict denylist actually causes my phone to break, it will randomly cause my phone to freeze up, and fail to load on phone unlock to the point I have to go into safe boot to disable my Magisk modules, only then will it boot correctly. - maybe I’m denying the wrong system apps for strict mode to work. I have still added apps to the denylist, however.
Im currently using universal Safetynet Fix to pass basic Attestation, and the only thing that fails to work is google wallets “tap to pay” feature. Which doesn’t matter as my NFC reader is broken in any case.
I find it funny how the most root-resistant app I’ve ever encountered is McDonald’s coupons app. I can trick Google Pay into working on my rooted phone, I tricked Revolut and two national banks. Heck, even my government-issued digital ID was tricky but I eventually got it working despite root and unlocked bootloader, both of which it didn’t like. But McDonald’s? None of the workarounds work whatsoever .
Yes, US banks.
Banks in europe are much more up to date with tech.
They have APIs to sink transactions with external providers like nordigen API.
They have 2FA that is linked to your national identity card which is chipped
Nationally used apps that are universal 2FA linked to national IDs that banks, medical, and government services all tap into
Everything is contactless payment nowadays, the US just recently started contactless cards
Inter-bank transfers without external apps like venmo
There are MANY problems with EU people getting their banks to work on a rooted phone.
They will absolutely implement DRM if someone sells the bullshit to them under the illusion of “safety.”
Hell, the US had handwritten “vaccine cards” for covid while European nations even had open source user spinoffs on nationally funded apps linked to national IDs to manage COVID vaccination and testing passes.
