Hi to all,
I use 0.18 q Unofficial /e/ on Mido. Now I want to take it seriously. I want to discuss whether should I do financial transaction on /e/.
How Secure is the /e/ for Financial Transaction (Specially Banking Apps and Wallets)?
Some banking apps are not working without Magisk Hide and some Wallets application are working without any Magisk Hide.
Is it safe to use Banking app with Magisk (root)?
Will it make any difference security wise if I use Official /e/ or Unofficial /e/.
Yes you are right but what would you do about Wallet? It is made to be portable. You may need Wallet (at least) anywhere outdoor.
And it is good and usable to pay by Banking app and Wallet on road IF OS IS SECURE. Why not?
And would not you use Authentication apk on Cellphone for 2FA?
I’m old school, cash and card… Personally don’t like using services by tech here at least… Google/Apple Pay etc. Still interested in your original question and feedback from those more educated on the backend/security of what you have pitched.
No offense on being your older than old school. But you are using Cellphone and not old post cards
Knowingly or unknowingly we adapt and learn new things.
Shouldnt we be insisting / making things better?
I hope you and I have Cellphone so secure that we use its portabilities.
none taken … but while your OP specifies /e/, one is actually discussing the risks associated with the security of a do-everything piece of equipment that one can easily lose full control of in any number of physical and electronic ways.
Conversely I use a bank to give responsibility for my money to someone else - I do not want anything in between.
A communication device is about getting out of our own little world. A bank is about securing a piece of our life.
It is more privacy for me. I trust my browser more than the app as we know many apps are sending trackers home which are used by big tech to track/invade our privacy.
Maybe someone else can chime in on the security side. My view is “httpS” in the browser and my VPN(which I trust, it is FOSS and verified) at the system level to protect.
I guess if the apk for my browser was compromised it would be just as bad as a compromised app.
This could help if unaware of apps “calling home” thanks to @river
EDIT: Sorry if I wasn’t clear. I also don’t transact using any pay services because this just gives these companies more leverage and control over me. This is why I love cash especially and also why others love crypto currencies. These things make us more free from my perspective (similar to privacy solutions like /e/).
*I am using my browser to check financial accounts, not transact. To see if you could transact via browser you would just have to try it out. The tech companies likely make it not efficient/user friendly as to be sure people utilize the app and in return can “call home” and collect data (maybe some personal bias here)
Fair point, I didn’t mean it that harsh.
I applaud every effort in building /e/ for some device, but this topic is about security, and official /e/ gets OTA updates and has more people involved on that end, which is a lesser danger of security update absence (at least in theory) .
Shouldn’t /e/ be build in such a way that all people can utilize it fully (like doing financial transaction etc). (to developers of /e/).
Is there any other such OS that can give you confidence to use mobile fully?
/e/ is being built to avoid being dependent on Google, primarily. Banking Apps mostly depend on Google (especially on Google’s SafetyNet).
If anything, it’s the Apps which have to change, not /e/. Question is, how e.g. Banking Apps can then ensure the integrity and safety of the device for banking. Doing it the Google way is the easy way for App developers, in general.
The Google ecosystem is working well for App developers and most users. /e/ is made for those who want to leave that ecosystem because they don’t feel this way.
With the help of microG (which is included in /e/) you might be able to still tap into this ecosystem to get some (by far not all) Google-dependent Apps running for a while for your own convenience, but that’s it. Else you can try to find existing Google-independent Apps for your use cases, or you can try to get the developers of Apps to build Google-independent versions and make them available outside of the Play Store (Good luck with that!), or you can try to use a website instead of an App (if you’re lucky it’s PWA-enabled and feels like an App), or you can try to change your use cases to not rely on Apps which don’t work outside the Google ecosystem.
/e/ can’t do magic.
Just use the stock Android OS of your device without a Google account (you can skip this step in the initial setup), uninstall every Google stuff you can uninstall without crippling functionality, and browse through all the settings to make some sensible Google-related choices. Here’s an (old) example of this for the Fairphone 3. Things definitely will differ for recent versions of Fairphone OS or for other devices, so some research will be necessary.