
Even if you have a smartphone and you carry it around with you, you're going to be blocked out from some services if you don't have access to either Apple's App Store or Google Play.

I've had to shut down my accounts in two banks because of surprise app requirements (that weren't in the contract) for basic account functionality. Their apps are only available through App Store and Google Play, no .apk alternative. And even if you install the apps using Aurora store, the app instantly crashes, I suppose because they implement Google's SafetyNet, or whatever it's called now.

So, unless I want to buy and carry around an extra phone for completely bullshit reasons, I'm limited to only using one bank, the only one in my country that still doesn't require an app for the type of account I want. I've thought of buying a phone just for the apps, but after that, who knows what other bullshit they may come up with (your device is too old, it doesn't have a phone number associated, etc), so I just give up.



If you're in the EU, Bunq's app works perfectly installed from Aurora Store on GrapheneOS without Google Play Services.


How common is it for financial institutions to require the use of a mobile app? In the US, none of mine do and, in fact, I use the mobile apps quite rarely. (The main thing I do once in a blue moon is to deposit checks using my bank's app on my phone.)


> How common is it for financial institutions to require the use of a mobile app?

In .cz, about a third of banks require a smartphone app, about a third allow SMS authorization at an extra fee and about a third have SMS authorization free. However, this all happened in the last few years and every few months some bank announces it's moving towards the app group.

The spicy part is that most banks use the app as the only factor, not as a second factor (as it was with the SMS, where you had a password for web banking + SMS authorization as a 2FA). You therefore cannot use a noname-brand Android with vendor-provided crapware, as your security depends on it. I don't know what I would do if I didn't have an employer-provided iPhone.

How do they do it? For example, there is no "authorization" app, only a full-blown mobile banking with full permissions that has the "authorization" as one of the features. Or there is no password for the web banking (wtf!), only a username which is your national identity number and therefore widely known.

The even spicier part is that many banks give you pre-approved loans which are impossible to reject, and therefore if someone hacks your account, not only do they steal your balance, but they even overdraw.


> unless I want to buy and carry around an extra phone for completely bullshit reasons

Owning a separate, dedicated piece of hardware for sensitive and critical activities (eg: banking) is a very good idea because it isolates them from all your other mundane, potentially risky activities.

Most people don't do this because of the various inconveniences and expenses involved, but if you can tolerate them it's about as safe as digital activities can get.


It is an even better idea if it is not a smartphone at all but a dedicated simple security device! Smartphones are a constant security risk alone!!

I had multitudes of non-smartphone based security devices in my life, cheap and dedicated small secure things, but those are endangered species now regrettably.


I did get a dedicated device specifically for banking apps. I installed GrapheneOS with sandboxed Google Play Services.

The banking apps still won't work. They insist on some signal from a SIM card "for my security," and I'm not willing to put a SIM card in a device that won't ever leave my house.


I don't understand, what's the point of having a dedicated mobile device to access banking services at home?

Why not a computer?


Some banking features are only accessible via mobile phone - e.g. check deposit.


That's the only one I know of at my bank that's mobile only. (And for how frequently I deposit checks, going to an ATM wouldn't be a big deal.) I realize other banks may have more de-featured web sites.


My bank (or Zelle) removed the ability to send money to an individual from the web interface. You have to use the smartphone app.


Because sometimes you want to check banking services on the go. Or you get a notification on your email and want to open the app to check. Or it's much quicker to log in with fingerprint. Or so you can quickly Zelle someone on the go. Or because why do you want to go and pull out your computer and turn it on and log in and waste all that time when you have a mobile computer in your pocket that's always on and always connected and not in your backpack in the corner somewhere. I know a lot of people who only have a work laptop and use their phone for everything else.


Yeah, you could get an iPhone or Android and use either as a dedicated banking phone.

The banks are creating their own requirements for how to access their app.

Just like some users are creating their own requirements.

Both parties seem to be content to be a part of the problem and blame the other.


A device with required connectivity to network, built in eavesdropping and tracking - that hardly qualifies as dedicated to sensitive and critical activities.


It doesn’t take much effort to remain relatively safe on the internet so you don’t have to resort to dedicated hardware just for banking. Don’t install sketchy apps that you don’t need and stop clicking on every link that you see – that’s pretty much it. I found that this basic internet hygiene has a nice side benefit as well – it forms a habit of avoiding superfluous and/or crappy content altogether.


"Relatively" is itself a relative term.

You might be fine having apps as closely tied to your real identity as your banking app on a device that's constantly collecting location and other data about you, but privacy is important to some other people.


my local app MANDATES LOCATION access for "security", WTF


That's relatively logical. Banks have to issue payments on your behalf, and the most common signal of scams is attempts to make purchases from random new locations.


no other app does this with far greater number of users so i don't see how this is relevant. so i cannot use my banking app because i am on a vpn? nice


> so i cannot use my banking app because i am on a vpn? nice

The bank's goal is to prevent access by people other than the account owner. When it comes to VPN usage, there are a few risk factors:

- Concealment of connection. A malicious actor will likely use a measure to hide the request origin.

- Accessing from another country or region, human factor (a common use case of VPNs). Instant thousand miles away teleportation is usually a sign of an access attempt with stolen information. While you may be smart, a lot of people aren't and will gladly tell all the info to a "bank security agent calling to ask for some information to prevent your account from being suspended".

- Accessing from another country or region, legal factor. Banks in some countries may even legally require a notice in advance before using their cards or services abroad.

- Usage of a known publicly available service. Multiple users using the same address makes it harder to tell genuine and malicious users apart, so it's better to not leave it to chance.
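
An added example, not part of the comment above and not any bank's actual logic: a minimal batch scorer for two of the signals listed, "teleportation" between consecutive logins and many accounts sharing one address. The field names, the 900 km/h ceiling, the 50 km jitter floor, the three-account threshold and the sample events (documentation IP ranges) are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0      # assumed ceiling, roughly airliner cruise speed
SHARED_IP_USERS = 3  # assumed: this many accounts on one IP marks a shared exit

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def score_logins(events):
    """Return {(user, ts): [signals]} for logins that raise a risk signal."""
    users_per_ip = defaultdict(set)  # counted over the whole batch
    for e in events:
        users_per_ip[e["ip"]].add(e["user"])
    last, flagged = {}, defaultdict(list)
    for e in sorted(events, key=lambda item: item["ts"]):
        key, prev = (e["user"], e["ts"]), last.get(e["user"])
        if prev:
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            km = haversine_km(prev["geo"], e["geo"])
            # Ignore geolocation jitter under 50 km (assumed floor); a real
            # distance covered in zero time is also impossible travel.
            if km > 50 and (hours == 0 or km / hours > MAX_KMH):
                flagged[key].append("impossible_travel")
        if len(users_per_ip[e["ip"]]) >= SHARED_IP_USERS:
            flagged[key].append("shared_ip")
        last[e["user"]] = e
    return dict(flagged)

# Constructed sample: geo is what an IP-geolocation lookup would return,
# so every login through the shared exit 203.0.113.7 appears in Singapore.
PRAGUE, SINGAPORE = (50.08, 14.44), (1.35, 103.82)

def ev(user, day, hour, minute, ip, geo):
    return {"user": user, "ts": datetime(2024, 5, day, hour, minute), "ip": ip, "geo": geo}

SAMPLE = [
    ev("alice", 1, 8, 0, "192.0.2.10", PRAGUE),
    ev("alice", 1, 8, 30, "203.0.113.7", SINGAPORE),  # VPN switched on
    ev("bob", 1, 9, 0, "203.0.113.7", SINGAPORE),
    ev("carol", 1, 9, 5, "203.0.113.7", SINGAPORE),
    ev("alice", 2, 20, 0, "192.0.2.10", PRAGUE),      # 35.5 h later: plausible
]
```

On the sample, alice's 08:30 login carries both signals even though she is the genuine owner, which is the false positive the VPN user in this thread is describing.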


the thing is, these apps at least in india are TIED to your SIM and phone.

if you remove your bank linked sim card from your phone, the app won't work. if you change your phone, the app has to be re-registered so it's like that.

what i am saying is, the threat model of concealment and another region or another person is already dependent upon the owner owning their phone. if it's stolen, the first thing to do is to disable access


Exactly!!!



