Security for newbie

Hello /e/ community,

Sorry for my bad English…

I have been using /e/ OS for a few months and I congratulate the team on their work.

I post this topic because I’m not an expert on phone security. My question: what are the risks of using banking apps when we don’t understand all the parameters of this new OS?

I frequently read topics about using apps “under shelter” or other … Is it necessary?
Are the banking apps safe in Aurora?

If I understand correctly, installing /e/ OS is not rooting the phone, so security isn’t reduced for a basic user like me?

Waiting to read expert users

Nice afternoon

First of all, there is no extra risk on eOS. Installing a banking app has the same risk as using a cash card. Don’t store your PIN in the phone, use the app in a secure place, and everything is fine.

I would prefer to try installing your banking app on your unrooted phone. Some banking apps work out of the box.
If it isn’t working you can do it as described in the HowTo’s [HOWTO] Installing Banking Apps
But some banking apps are still not working. Then your online chance is using the webpage of your bank.

Thanks for your opinion Harvey :+1:

Here are some basics on how to secure /e/ and every OS :

  • Encrypt your phone (if not, anybody will be able to access everything)
  • Set a good password (to prevent brute force)
  • Apply the updates (which bring security updates)
  • Do not install unknown or weird or untrustworthy apps
  • Do not root your phone
  • Limit authorizations asked by apps to the bare minimum in Security & Privacy > Trust (or Protection des données in French, or something similar), then long press on any app you want to configure deeply
  • Do not leave your phone unattended; someone could install something bad through TWRP, but it’s very unlikely.

If you respect everything, you won’t face any issue (or you are the least lucky person on the internet).


Nope, everyone who get the phone in his hands and knows how to do. You must be a hacker to do that. Pls, no panic !

You just have to delete a file through TWRP in order to delete the password/PIN/pattern.
And of course all files are available in TWRP anyway so no need to be a hacker.

Same thing with Windows since always, a password on a local account is barely nothing since everything isn’t encrypted.


As for other systems, enable MFA within your banking app.
And please don’t use SMS as second factor :wink:

No ‘normal user’ knows that. You are an Android pro and for you it will be easy.

And I’m always telling: Do you have your high security documents always in your pocket? No, you have them stored in a safe.
So why use your phone as a safe?? It’s only a PHONE!!!

But I will stop the discussion here, because the user wants to know about banking apps. So this discussion is off topic.


Why are you trying to deny this vulnerability so hard? Gael acknowledged this here. I think the tips @Anonyme gave are fine, no need to argue these points.

So I guess you are fine with putting your photos, contacts, call history, mails and everything else in a headache/puzzle/brainteaser ?
No normal user can open it, right ? But if your phone is stolen by somebody who knows or really wants to, he will find how to enter into recovery mode (really not a hackers only skill).

Every thief knows how to enter into recovery mode to reset and resell the phone, and even if he doesn’t know TWRP he will see that he can access everything.

An unencrypted phone with a custom ROM is definitely not secure.

So I guess you are using this ?
No need to have a sex tape stored in your phone to have things you don’t want to share.
Not encrypted = open. A lot of people are connected to their mailbox for example, and you really don’t want somebody to access that so easily.

Exactly, and you are not helping him/her by telling ‘use your phone as a phone’ nor ‘use your banking app on an unencrypted phone’.

This topic is about “Security”, the banking app is just an example.

To conclude, it really sounds easier to take 10 min to encrypt a phone. Why would this feature exist if there was no risk?


And in application management, is it useful to put system passwords on risky applications (bank, data …)?

In case you walk on the street using your smartphone and somebody steals your phone while it’s unlocked, I guess you will be happy to have locked sensitive apps with a password.
But I personally don’t use this feature.

How many phones have you lost or had stolen??

If you are using an app like keepass you can store your secure data in it. Or use something like KyCalc to hide and secure your sensitive data.

Are you really telling not to protect something because it hasn’t been compromised yet ?

Why are you locking your door with a key if nobody has entered in your home ?
Why have you enabled double authentication if nobody has stolen your password ?
Why do you put your documents in a safe if you have never been robbed ?

I think (I hope) you will agree that the above examples can’t be taken seriously.
(Of course they are rhetorical questions so no need to answer)

You are probably the only one who recommends not to encrypt something. I can’t see what I could say more if you still don’t understand so this is probably my last post about that (here).

I don’t do it :joy: :joy: :joy: And I never have had a burglar in my rooms. Same on my car :+1: :+1:

I think this is all ‘making panic’. I’m absolutely no friend of encrypting the phone. If it falls down and the screen is broken (that happens more often than the phone getting stolen), I’m (as an advanced user) able to transfer my data to my PC and to my next phone. If the phone is encrypted, I have no chance to do it. That’s only one reason for a non-encrypted phone.

EDIT: If I don’t answer back, that is NOT an approval. I’m just out of the mail


What I don’t understand is how you use your own situation as a sort of standard. It’s not harvey OS, it’s /e/ OS. So that means (I hope) a lot of different users, and a lot of different people. So safety measures are necessary, and for now Anonyme’s list is a good starting point. Hopefully /e/ is safe to use by default in the future.

Fully agree! And I’m one of the different users who doesn’t lock his doors, doesn’t use a screen lock on his phone and doesn’t encrypt his phone and doesn’t use the latest security patches :smiley:
Everyone should decide for his own what’s the best for him.
Live and let live. Without panicking

Of course, you can use it as you like. But advertising others to do this also is wrong in my opinion. Like disabling the airbags in your car because you never had any accident, and telling others to do so also. In the /e/ car the airbags are disabled by default, so nothing wrong with warning the drivers to turn them on. After that they can decide for themselves.


Why is it wrong? Anonyme and you are telling him to encrypt and I’m telling not to encrypt.
Where is the difference? Why is my hint wrong and yours right?
He should know both sides and then he can decide.
