Is it safe to use bank apps in eOS?

Hi all,
Do you think it is safe to use a bank app in eOS?
I mean, they are built to work in Google Android, supported by Google developers, security, experience and so on; by using another OS there “might be bugs” that hackers could use to get through to our data… We are not talking about WhatsApp, Telegram, GPS… it’s a bank app where we store our money.

It’s just one of the concerns I have about using them on the eOS phone I’ve recently bought, and maybe somebody can help me clarify this question. I am not an expert or IT guy.

It doesn’t matter if /e/, LineageOS, or stock Android.
With or without Google services. Googled or de-Googled.
Using banking apps is never safe.
The only exception I accept is a 2FA app from the bank. But not the bank app itself for access to the account.

There are two ways of discussion:

  1. Do I want to be tracked by Google, Facebook, Twitter, Amazon, etc… do I? Do I want these corporations to know my data, my behavior, my whereabouts, etc…?
    No, then I have to de-Google my smartphone and PC
  2. How important are security and data integrity to me? Access to my accounts, etc…
    Then I must not host password safes in the cloud. Not use a banking app…

Both points must be considered separately and implemented individually or together.

Thanks kisman172,

In this case I didn’t mean to ask whether they/Google will “track us”; what concerns me is whether “malicious” hackers could “easily” access our bank apps since we have them installed in a non-“official” OS, without, let’s say, the Google security for example.

Which one? If it’s an FP3, these are delivered bootloader-locked and file-based encrypted by default.

You’ll have some physical security against consequences of device theft. If the banking provider lets you run the app in /e/, then you’re no less safe from physical attacks than stock ROM users. For runtime vulnerabilities you need regular /e/OS and firmware updates.

You can also assess your risk exposure from the other side: some banks allow for transaction limits needing a 2FA confirmation, sending a notification per transaction and having a daily total amount transaction limit. Any 2FA should then be a dedicated transaction-number-generator.

Device control via web interface + dedicated 2FA gives you the option to remove a lost/stolen device from account access, something your bank can also do for you via phone call in case you part ways with an enrolled device.

The one I’ve bought is the Samsung G. S8

Don’t think these can be relocked.

Physical security: for unlocked bootloaders (majority of /e/ users), a 4-digit userdata encryption PIN lends a bit of a time window to unroll the device from the banking account in case of theft. The other theoretical risk is somebody altering system files with you being unaware of it… are you a probable target of such an attack? I’m not.

It’s a tradeoff for what you get in utility running banking apps on a handheld. I think peer-to-peer payments are nice, the split-your-bill type. Anything of a higher amount should require dedicated 2FA confirmation. At least know the steps required to unroll a device from your bank account. Do not use the phone as 2FA itself; then - in my opinion (!) - unlocked phones can also be used for “small” payment purposes.

Yes. I think they are as safe in /e/OS as in any other Android system - Google’s or a custom ROM. For me, that is safe enough to use without worrying.

Some people - see earlier comments for example - seem to think that using any banking app risks giving other people unauthorised access to their bank accounts. I have not come across any credible evidence to suggest that is the case.

I have been using internet banking - via web browsers and phone apps - for several years, and I will continue to do so. Others will choose not to do so, and that is their choice. I do not think you should be put off using banking apps, or any other apps, unless someone can show you clear evidence of a specific risk which can be realistically exploited. Nothing you do in life is risk free, but we all make judgements - based on our own experience, and the evidence of others whom we choose to trust - of what constitutes an acceptable level of risk.