GrapheneOS

[cckuhqilfownnfctux]

Why don't you use a laptop or desktop then?

because there is no "bank app" for a laptop or desktop. my banks force their customers to use a smartphone.

You can keep optional reporting disabled in the case of crashes or bugs.

I'm not talking about bug reporting but about all networking functions. for example by default you use GrapheneOS's DNS servers instead of Google's, so now GrapheneOS knows which sites you visit.

 

[cherry]

because there is no "bank app" for a laptop or desktop. my banks force their customers to use a smartphone.

Sure. I was referring to the 1/5th that still have the web version.

I'm not talking about bug reporting but about all networking functions. for example by default you use GrapheneOS's DNS servers instead of Google's, so now GrapheneOS knows which sites you visit.

But who is the "you" visiting the sites? There is no account or identity tied to the phone. Take the Jan 6 protests: Apple and Google told the government who was there because those people have Apple and Google accounts on their phone, plus likely a phone contract. If you're on a PAYG or some other unregistered phone, there is no "you" tied to it unless you get sloppy.

 

[cckuhqilfownnfctux]

Sure. I was referring to the 1/5th that still have the web version.

of course I use the web version with these banks!
by the way these old-school banks who still maintain a web interface are the least troublesome. I've had almost no problems with them, for example once my account was blocked, I've called the bank and the support told something like "please come to the nearest branch with your passport", but after I've said that I reside in a different country they've answered "okay we will check what we could do", and unblocked the account on the same day, without a 2nd phone call.
and the most troublesome banks are those new-school banks with smartphone apps and "neobanks" that work fully online and do not even have physical branches.

There is no account or identity tied to the phone

well I did not check it myself but I believe each Pixel has an unique ID and shares it with GrapheneOS servers. if you are curious you could create a WiFi connection on a laptop, connect your Pixel to a laptop and sniff its network requests to see what it sends.
sorry, I am too lazy to check it so I will just keep my belief.

 

[cherry]

of course I use the web version with these banks!
by the way these old-school banks who still maintain a web interface are the least troublesome. I've had almost no problems with them, for example once my account was blocked, I've called the bank and the support told something like "please come to the nearest branch with your passport", but after I've said that I reside in a different country they've answered "okay we will check what we could do", and unblocked the account on the same day, without a 2nd phone call.
and the most troublesome banks are those new-school banks with smartphone apps and "neobanks" that work fully online and do not even have physical branches.

Agreed. I only use old-school banks, if I have to use them at all. I suppose if I did have to use one of the app-only platforms, I'd do it all on a tablet or some phone that is switched off the rest of the time. There are also Android emulators on Desktop that I've used in the past.

well I did not check it myself but I believe each Pixel has an unique ID and shares it with GrapheneOS servers. if you are curious you could create a WiFi connection on a laptop, connect your Pixel to a laptop and sniff its network requests to see what it sends.
sorry, I am too lazy to check it so I will just keep my belief.

Yes there probably are unique IDs - MAC address, IMZI, IEMI - but as long it is not tied to your identity (like an account with your name on it), all that is recorded is phone#676329763 watched a p***O site. VPN and MAC spoofing will help further obfuscate your identity further.

 

[cckuhqilfownnfctux]

Yes there probably are unique IDs - MAC address, IMZI, IEMI - but as long it is not tied to your identity (like an account with your name on it), all that is recorded is phone#676329763 watched a p***O site. VPN and MAC spoofing will help further obfuscate your identity further.

I do not mean MAC/IMEI/IMSI/etc but some kind of an "advertising ID" used by all generic Android phones. if you have one without GrapheneOS you could find that ID somewhere in the settings.

 

[cryptofriendly]

Horrible choice of banks then. How about Japan? I thought MUFG still had a website?

Show me one bank in SEA that still offers web banking, I would be glad to switch.

Regarding Japan, they all still offer it, but you can't have an account as a non resident.

 

[intlman]

Show me one bank in SEA that still offers web banking, I would be glad to switch.

While I try and avoid banks like the plague, HSBC (HK and SG) still offers web-only banking (complete with a physical security key).

 

[daniels27]

While I try and avoid banks like the plague, HSBC (HK and SG) still offers web-only banking (complete with a physical security key).

Yes. But you won't be able to use certain functions like the free send as a local function
https://www.hsbc.com.hk/transfer-payments/products/international/

Also, afaik you can only add recipients in the app, while you can only remove them in online banking.

I honestly do not know what that app fuss is about. Why not just use online banking and let users "install" the webpage like you can do with OCT. If they then resort to passkeys for login, it would be both safe and easy on both phone and computer.

Maybe it is just me, but I never understood apps when they emerged nor do I now. It is just a html container pinned on a desktop for the very vast majority. No need to compile code etc.

 

[cherry]

I do not mean MAC/IMEI/IMSI/etc but some kind of an "advertising ID" used by all generic Android phones. if you have one without GrapheneOS you could find that ID somewhere in the settings.

GrapheneOS has no Advertising ID:

"The advertising ID is a Google Play services feature not included in the baseline Android API, so it isn't an API included in GrapheneOS."
https://grapheneos.org/faq

If you use these phones sensibly, it's much safer than Google or iPhone.

 

[cckuhqilfownnfctux]

Maybe it is just me, but I never understood apps when they emerged nor do I now. It is just a html container pinned on a desktop for the very vast majority

the majority of the "apps" are indeed just a web browser opening the app creator's website.
but remember that your data is money, the more information about you they could steal the more money they could earn by selling that data to the third parties. while the generic web browser on a computer leaks a lot of information about you, this is almost nothing compared to a phone app which could steal just about everything, including your cat's maiden name, what you eat for breakfast and what color is you shít afterwards.
so this is the true reason why everybody is closing their websites and pushing the "apps" instead which are nothing but a web browser with one single predefined website.

 

[daniels27]

so this is the true reason why everybody is closing their websites and pushing the "apps" instead which are nothing but a web browser with one single predefined website.

Exactly this. But what bothers me from that perspective is:

• Banks claim it to be for security / data protection reasons.
• The customers have little power to prevent this.

Maybe the accessibility regulations if the EU will change something but still I am feeling unwell that the market itself has little influence. We once had a long discussion about this, but seems somehow regulations are the only way.

 

[0xDEADBEEF]

Maybe the accessibility regulations if the EU will change something but still I am feeling unwell that the market itself has little influence. We once had a long discussion about this, but seems somehow regulations are the only way.

You’d think so, but regulations are actually pushing banks to collect even more data. Take the Netherlands for example, the government is pushing Telcos to share call data with banks under the excuse of fighting technical support scams. It’s a slippery slope, and it’s hard to ignore the bigger picture: more surveillance, less privacy, all wrapped up as fraud prevention.

 

[cherry]

For Android emulators, I use Waydroid for Linux. While I haven't tested a banking app, I've tested other apps like WhatsApp and it works seamlessly. I think the banking apps are worth testing out.

 

[cherry]

Another reason to switch to GrapheneOS. The UKSSR is taking the lead as usual.

 

[void]

so after a short experience on Pixel 9 Pro I can tell this
- installation was easy, the system is stable
- I feel more in charge and like actually owning the device (might be a false feeling though ) compared to classic Android
- the battery life improved significantly
- it's not a solution for an average Joe (I guess not meant to be) as I feel exactly like after first time installing VMware ESX - you get a minimal layer on top of the hardware and the rest is your job (one has to create it's on DHCP server, firewall and NAS to be able to move forward) and the same is with Graphene OS... one has to design his own "architecture" from scratch - not saying it's necessarily wrong, but definitely something with a potential to push away many users
- a little disappointment (or lack of knowledge/experience?) is no support for isolation of apps inside the same profile which is something I intuitively expect as most of the apps should have zero need/information about what else is running in the same system and no ability to touch the data of other apps - to achieve this with profiles is practically impossible as I would end up with tens of profiles
- also built in firewall would be something appreciated as granting/revoking network access is mostly insufficient and a fine-grained control over the network activity of the app would be very useful

 

[daniels27]

You report it appreciated. Will you keep using this as your primary phone?

 

[CryptoKnight]

I use it for my special work phone and absolutely love it! It's fast, simple and minimalistic in design and like the user above says it does make you feel more in charge and like you actually own the device. While you can never be a 100% safe when it comes to any electronics it does make me feel as safe as I can be with a smartphone. Of course if you don't have any OpSEC it doesn't matter what system you have. It does have a lot of cool security features such as automatic reboot (which puts it into BFU mode), you can change permissions for the USB-C port to only allow charging (meaning no data transfer), you can randomize your MAC address on WiFi networks and many other useful security futures. Sure, you can't use a lot of banking apps, but there are other solutions for that like using a separate phone/tablet for that specifically.

If you ask me everyone involved in sensitive/confidential businesses should be required to have one. In fact everyone I work with seriously is required to have one (yes I live in EUSSR) even worse (SwedenSSR) where they don't even require a court order to listen to you or your relatives phone calls, read your messages, etc. Only the Paranoid Survive!

is to possible to have multiple isolated instances of the same app (not knowing about each other and sharing any common data) and running them at the same time?
like couple of whatsapp apps with different identities or banking app to represent two persons - Android 14 has the App cloner for this which is very convenient

You can use an app called Shelter to create a clone of each app you have, this doesn't require you to switch between profiles and you can use them simultaneously. It's very useful.

 

[void]

You can use an app called Shelter to create a clone of each app you have, this doesn't require you to switch between profiles and you can use them simultaneously. It's very useful.

yep, I'm aware, currently using Insular for the same purpose
I just wish graphene would have native support for app level isolation as profiles are to coarse... but it's just me, might work well for others

 

[void]

with Android 15 comes also the Private Space feature that is native and one doesn't have to rely on a third-party app... however the design is rather idiotic as it's one single private space shared by all your "private" apps - not sure who can come up with this

 

[kunafa]

I am using GrapheneOS and all banking apps (about 5) work without issue. If you can live without AirTags/Find My/Apple Pay/Google Pay then it's totally worth it to preserve some autonomy over your digital life and break free from Google/Apple ecosystems.