Adding N26 App in /e/ store

“There are about 4,700 banks in the eurozone countries. In the (still) 28 EU member states plus the EFTA countries (European Free Trade Association) there are about 6,600 banks. And how many banks worldwide - no idea.” … more …

I obtained my banking apps from alternative APK Downloader portals.

Hi @belette N26 when requested through the App Installer … Apps >> Settings >>Request App shows an ‘The app is already available or has been requested’ which I agree is not a very informative message.

Some bank apps will not work without Google Services other banks do not allow their apps to show up on non google Play repositories.
The Apps Installer developers have been asked to display more information when user requests for app inclusion fails. As a work around you can try downloading from repositories like Aurora Store in case it is available there.

Better to be careful with N26. Even their app has 5 trackers! This is really a shame, banks should not let their customers track by other companies.

The online bank N26 made several negative headlines in 2019, including breaches of the European General Data Protection Regulation (EU-DSGVO): Consequence 50,000 Euro fine. If N26 Banking, then on the desktop PC “N26 for the Web

@archie yes I agree but they kind of force you using there app to send money with dual factor authentication with your mobile. Without the App the Web access is kind of read-only…

@belette, I do online banking only via web (PC) + authentication including QR code (e-Phone) with my two banking apps. The two-way security is essential.

@archie yep, and at the beginning I thought it was possible to use N26 only via web (PC) but you need the N26 App and pair your phone with your account to be able to use all the features…

Now I am discovering the tracker they use : https://reports.exodus-privacy.eu.org/en/reports/55645/ I am wondering how theses tracker & permission work?

Taking N26 example, and extracting the most sensible permission :

ACCESS_COARSE_LOCATION
ACCESS_FINE_LOCATION
ACCESS_WIFI_STATE
BLUETOOTH_ADMIN
CAMERA
READ_CONTACTS
READ_EXTERNAL_STORAGE
RECORD_AUDIO

First question is if the App can access all of this all the time or only using the App? Asking this because the App is running in background and sending popup in realtime when a payment is made (I assume using MicroG in our case?)

Does that mean the App know even in background the approximate location? I guess the fine location is only available when GPS is ON? What about WiFi and Bluetooth state, could they retrieve AP Name and SSID? I hope and I assume the Camera permission is only to get access when they have to request picture to verify the photo during the initiate process and that they can’t have access outside this process? What about having read access to storage? Again is it only when sending initial picture of ID but how it is possible to be sure the App is not accessing something in the background?

A lot of questions, but I believe important to know the generic mechanism under theses permissions.

I have hears the Android 10 is bringing more accurate and advanced permission , would it be possible to deny some permission by App? Would the App would allow to be used in this case? Any other way to spoof or improve privacy when Apps are asking for theses permissions?

Many thanks!

Just a short remark: Banking apps are mostly closed source and have several trackers (and not only that). Having a banking app means basically having a backdoor/spyware. I know many users are using them but it’s not a wise thing to do. A bank which does not offer a web-only banking is not a good choice.

For the authentication procedure, each bank relies on a different model. In addition to the Baning App, my banks offer a TAN generator for a fee. With this authentication procedure the security is very high, but there are (twice) additional costs. These costs deter many users from using, including me.

It’s often the same, protecting data costs money. If someone can or will afford it, data (privacy) is protected - otherwise it is not.

That separate TAN generator device costs money (mostly too much money!) because banks want to keep people from buying it. Banks want that customers use the mobile spyware/backdoor banking app on the phone instead.

The TAN generator is a good investment anyhow as it keeps the bank away from the customer’s mobile device (and data).

Well, data is what the bank gets from its customers.

For example 1: For every transaction within the EU (Single Euro Payments Area), no matter if TAN generator or otherwise, at least the IBAN (International Bank Account Number) and possibly also the BIC (Business Identifier Code) of the payee are transmitted.

For example 2: For a foreign bank transfer of more than 12,500 euros, there is a reporting obligation according to the Außenwirtschaftsverkehr (AWV).

That’s not what I’m talking about. See above:
“Taking N26 example, and extracting the most sensible permission :
ACCESS_COARSE_LOCATION
ACCESS_FINE_LOCATION
ACCESS_WIFI_STATE
BLUETOOTH_ADMIN
CAMERA
READ_CONTACTS
READ_EXTERNAL_STORAGE
RECORD_AUDIO”
And those apps are often full of trackers too.

Hi, did anyone manage to make n26 app work with /e/??

I am planning to quit them because they willingly said that my device is not supported.

N26 - It’s better to be warned.