The problem of banking apps

eOS is just as secure (or insecure) as original Android itself. There is no difference in security.
The only difference is that you don’t have a verified bootloader, because it is unlocked. Everything else is the same.
But I think this was discussed at length in the Telegram group.

3 Likes

Hi Harvey,

The specific question was discussed on Telegram, though even there I got mixed messages about the extent to which the unlocked bootloader was a security issue, a discussion that went beyond my own understanding.

The reason I have posted here on the forum is that I think e Foundation needs to address this issue head on in its FAQ and general promotion of /e/. If I am someone who really wants to use /e/ but feel cautious about this issue (or have to go on Telegram or forums to find out more), then how am I going to convince people around me to make the jump to /e/, as we discuss things like privacy in bars etc.? :slight_smile:

I am giving this feedback as someone who would really like to see /e/ succeed. After two years of general use, this is the one issue that I feel uneasy about, because I don’t really understand the technical aspects around bootloaders etc. and also because I see messages about Aurora-downloaded apps not always working. I am trying to make clear that to a non-tech user - /e/'s ultimate target audience - this still feels like a grey area in the documentation and the messaging around /e/. I am being maybe too deliberate about this, but my impression is that sometimes, for people for whom flashing ROMs is no big deal, it’s hard to see what /e/ looks like to regular users.

3 Likes

Thanks for the suggestion @Carlier. We do have these suggestions in our documentation and forum but, as you mention, maybe it is spread all over. We will add it as a ‘what does not work on /e/’ point in our FAQ for new users.

2 Likes

While it is good to get some assurances about safety from individual users on this forum and on Telegram, it would be a lot more impactful if I could see e Foundation commit to that assurance by just saying on their site that it is perfectly safe to use banking apps on a phone with an unlocked bootloader running /e/. That kind of clarity will build trust with regular users. (Or, alternately, state clearly why /e/ cannot assure that safety and then at least I know not to do my banking on /e/, other than with the FairPhone3.)

1 Like

Sorry - we posted simultaneously there. So Manoj, are you then saying I should not be doing my banking on /e/, if you are thinking of adding this point to ‘what does not work on /e/’?

The problem is with the banking apps. They would not work on any ROM which does not have the full complement of Google’s files and infrastructure to help it. There may be some exceptions to this rule. Some apps may work. You can check with the developers - write to them and ask them to support /e/ or non-Google ROMs. One option to install banking apps on /e/ was discussed here. Alternately, some banks have PWAs which work on /e/ or other custom ROMs.
On a personal note, I never installed any banking app on my phone even when using a stock ROM, so I am not exactly an expert to speak on this subject.

1 Like

Hello.

In fact, the main problem comes from banks’ goal AND gg’s monopolistic domination on w.w.w.: for fastest profits, the easiest way to go is using mainstream gg’s APIs. Doesn’t matter if some users care about real privacy and data leaks, T.I.N.A. and that’s all folks.

Even from PC, from one update to the next, it’s becoming more and more difficult to access and use banks’ services (?) without ggle or pple.

Aow… that’s true! It’s ‘for your security’, of course! So, all is fine… I will buy a Pixel and a Chromebook and the world will become smooth and secure…

Seriously, I don’t know how /e/ and FOSS projects will continue, in a few years. Thanks to devs who always trust in free as freedom in that mad world.

3 Likes

The issue is that when someone finds/steals/gets your phone, he/she could access your phone, unless you lock the bootloader (FP3 only) or encrypt the phone. This is not the case on stock Android because then the bootloader is locked. About banking apps, very few work 100%. The only thing we can do is to nag at banks for a web application (PWA).

Sorry @andrelam, but that has nothing to do with banking apps and is off-topic here. You are talking about a general security issue, and it should be discussed in another post.

Just correcting your own off-topic statement ‘eOS is just as secure (or insecure) as original Android itself. There is no difference in security’.

What about if the banking app downloaded from Aurora does work on /e/ with an unlocked bootloader?

No one can say in general if the banking app will work. Aurora is a client for the Goolag Play Store. You will get all apps which you will get with the original Goolag Play Store.
But as you can see in my HowTo for installing banking apps, a lot of banking apps won’t work with eOS or any other custom ROM without original Goolag services.
So where you download the app makes no difference. BUT I never would download a banking app from sources other than the original. So Aurora is the best choice.

1 Like

An underappreciated thought.

While just not using certain apps is of course no real technical solution for people who want or need to use them, questioning oneself about the sense and importance of a use case might lead to one liberation or another from a constraint in device usage.

Long story short: Custom ROMs like /e/ are way more fun if you don’t need to get your banking to run (… Yo :wink: ) .

I see the power of not using a bank app on the phone. Problem: some banks use phone authentication to access the web version :face_with_symbols_over_mouth:

2 Likes

As an option, yes … but without any alternative way?
That would make me switch banks.

But most apps will also accept the use of an external TAN generator for this.

That’s exactly what I did :+1:

Yes, that’s an option too, though very tedious, as for each transaction you have to type in a series of numbers on a separate device. But it’s true that there are work-arounds. Once you are used to the convenience of smartphone banking, it’s quite hard to go back to previous technologies.

The other concern I had was with LastPass, which gave me a warning when I first started it up on /e/ (downloaded from Aurora again), saying that my phone was rooted and therefore possibly not safe.

To get back to the point about building trust in /e/ for regular users, as someone mentioned in the Telegram community chat, it seems the only truly safe option for these more sensitive apps right now is the FairPhone3 with /e/ with bootloader locked.

1 Like

You will also get this error message on an FP3 with eOS and a locked bootloader, because it has nothing to do with root. It’s because of missing Goolag services.

You have to decide for yourself: if you want privacy, then some spying apps won’t work.

EDIT: by the way, on my eOS Pie I don’t get this error message. I have just installed LastPass, created an account and everything works.
And do you know it has trackers as hell?

1 Like

Hi @Carlier, please try this! I have already done so for all banks in the Netherlands :slight_smile: If everyone on this forum does it, it will 100% result in change!