Security of /e/

Hi to all,
I use 0.18 q Unofficial /e/ on Mido. Now I want to take it seriously. I want to discuss whether I should do financial transactions on /e/.

How secure is /e/ for financial transactions (especially banking apps and wallets)?
Some banking apps are not working without Magisk Hide and some wallet applications are working without any Magisk Hide.
Is it safe to use a banking app with Magisk (root)?

Will it make any difference security-wise if I use Official /e/ or Unofficial /e/?

And how about using an authentication APK on /e/?

I think this concerns many /e/ users.

Thanks

I have an interest in this too; however, I log in via a browser.

1 Like

Yes, you are right, but what would you do about a wallet? It is made to be portable. You may need a wallet (at least) anywhere outdoors.
And it is good and usable to pay by banking app and wallet on the road IF THE OS IS SECURE. Why not?
And would you not use an authentication APK on a cellphone for 2FA?

Thanks

1 Like

I’m old school, cash and card… Personally don’t like using services by tech here at least… Google/Apple Pay etc. Still interested in your original question and feedback from those more educated on the backend/security of what you have pitched. :+1:

3 Likes

No. I would never use a mobile for banking, other than a “pocket money” card. But I am older than old school! :slight_smile:

3 Likes

What about authentication APKs? Those are mostly for mobile, and they are for the sake of safety.

Hi,
No offense about your being older than old school. But you are using a cellphone and not old postcards :wink:
Knowingly or unknowingly we adapt and learn new things.
Shouldn't we be insisting on / making things better?
I hope you and I have cellphones so secure that we use their portability.
Thanks

None taken … but while your OP specifies /e/, one is actually discussing the risks associated with the security of a do-everything piece of equipment that one can easily lose full control of in any number of physical and electronic ways. :slight_smile:

Conversely I use a bank to give responsibility for my money to someone else - I do not want anything in between.

A communication device is about getting out of our own little world. A bank is about securing a piece of our life.

4 Likes

In the end everybody chooses what to do with a smartphone for themselves.

Some choose to do banking on a rooted phone and try to fake their way around every safety check the banking App of choice can come up with.
I won’t judge.

1 Like

No, the bar is very high in specifying that an unofficial build is made from the /e/ sources.

It is the case that different builds of /e/ can have differences. I think these would really only stem from the build date, from the contents of the repositories on the day of build.

1 Like

That may well be, but unofficial builds “Do not receive OTA updates” … so, whoever does the unofficial builds better does security updates for them afterwards, too.

2 Likes

How do you differentiate between transactions via PC (web browser) and via mobile, security-wise?

It is more privacy for me. I trust my browser more than the app as we know many apps are sending trackers home which are used by big tech to track/invade our privacy.

Maybe someone else can chime in on the security side. My view is “httpS” in the browser and my VPN (which I trust, it is FOSS and verified) at the system level to protect.

I guess if the apk for my browser was compromised it would be just as bad as a compromised app.

This could help if unaware of apps “calling home” :point_down: thanks to @river

EDIT: Sorry if I wasn’t clear. I also don’t transact using any pay services because this just gives these companies more leverage and control over me. This is why I love cash especially and also why others love crypto currencies. These things make us more free from my perspective (similar to privacy solutions like /e/).

*I am using my browser to check financial accounts, not transact. To see if you could transact via browser you would just have to try it out. The tech companies likely make it not efficient/user friendly as to be sure people utilize the app and in return can “call home” and collect data (maybe some personal bias here)

2 Likes

Please don’t go telling people who try to help by making unofficial builds what they had “better do”. Some of us don’t react well to being told what to do :wink:

3 Likes

Fair point, I didn’t mean it that harsh.
I applaud every effort in building /e/ for some device, but this topic is about security, and official /e/ gets OTA updates and has more people involved on that end, which is a lesser danger of security update absence (at least in theory) :wink: .

3 Likes

We can always check for the security patch in an update, can’t we?

If you get an update, yes.

With respect to all participants,

Shouldn’t /e/ be built in such a way that all people can utilize it fully (like doing financial transactions etc.)? (To the developers of /e/.)
Is there any other such OS that can give you confidence to use a mobile fully?

@Zeno I see your perspective. I think we just have different use cases. Many different perceptions, all with good justification like yours :+1:.

1 Like

/e/ is being built to avoid being dependent on Google, primarily. Banking Apps mostly depend on Google (especially on Google’s SafetyNet).
If anything, it’s the Apps which have to change, not /e/. Question is, how e.g. Banking Apps can then ensure the integrity and safety of the device for banking. Doing it the Google way is the easy way for App developers, in general.

The Google ecosystem is working well for App developers and most users. /e/ is made for those who want to leave that ecosystem because they don’t feel this way.
With the help of microG (which is included in /e/) you might be able to still tap into this ecosystem to get some (by far not all) Google-dependent Apps running for a while for your own convenience, but that’s it. Else you can try to find existing Google-independent Apps for your use cases, or you can try to get the developers of Apps to build Google-independent versions and make them available outside of the Play Store (Good luck with that!), or you can try to use a website instead of an App (if you’re lucky it’s PWA-enabled and feels like an App), or you can try to change your use cases to not rely on Apps which don’t work outside the Google ecosystem.
/e/ can’t do magic.

Just use the stock Android OS of your device without a Google account (you can skip this step in the initial setup), uninstall every Google stuff you can uninstall without crippling functionality, and browse through all the settings to make some sensible Google-related choices.
Here’s an (old) example of this for the Fairphone 3. Things definitely will differ for recent versions of Fairphone OS or for other devices, so some research will be necessary.

4 Likes