Ive recently downloaded the barclays pingit app for my dhd and the app has a built in checker to see if your phone has root access and denies you access to the app if you are.
does anyone know a way of tricking the app into thinking im not rooted, ive been waiting for a barclays mobile app for android since ive been on android and now they have one i cant use it.
thanks,
Nathan
Yes I want to do this also; I am wondering if I could temporarily turn off Super-User on my SGS2, would I then be able to configure Pingit, hoping to turn SuperUser back on and then run it OK.
maybe
could always try renaming the SU folder. This will temporarily unroot the device, but you might need to do that by adb. The only reason the app is blocked from rooted devices is to protect you though. If you forced your way passed security and were frauded then banks arent so kind at refunding you if you are a victim of fraud.
I believe the app will be opened up to rooted devices later on, I know the beta pingit worked on rooted devices, but crashed. Might have been due to me using ICS though.
Spoken to Barclays about this
Ok, so after a couple of usual answers from the normal ill informed call handlers, I was told that "not many people use a rooted device"
Barclays I guess are not that bothered about missing out on a sector like myself, that run An It support company, and are small enough to not be able to afford Pdq machines, and wont to provide an alternative payment method to its customers. Given the nature of our business, it wouldn't be surprising that we would have rooted out devices...!
Anyway after much moaning, I still could not get a "real" reason why the Barclays developers, are worried about rooted devices..the only answer I was given was "the developers dont want rooted users changing or seeing their work" !!...
So the point of this reply is to post the email address I was given to email barclays about the lack of support for the app on a rooted phone.
I was told to put PINGIT in the subject field and send it to [email protected]
Who knows if enough people email them, they may realise its worth allowing the app onto rooted devices.
Chris
reppo28 said:
So the point of this reply is to post the email address I was given to email barclays about the lack of support for the app on a rooted phone.
I was told to put PINGIT in the subject field and send it to [email protected]
Who knows if enough people email them, they may realise its worth allowing the app onto rooted devices.
Chris
Click to expand...
Click to collapse
Good idea Chris, I have used this wording in my message to them;
“Pingit is just what I have been waiting for! However you have made it so I can’t use it on my fantastic Rooted Samsung Galaxy S2; I will not be giving up my phone to get Pingit, no I will simply change banks to whom ever first offers the same type App.
Goodbye Barclays”
PINGIT
I emailed Barclays (as per email address above), and was given this response:
It is not possible to download and use the Barclays Pingit App on rooted android phones and Jail broken Iphone as they could allow other
applications running on the devices to capture the five digit security passcode that is used to access the Pingit App which may result to fraud.
If we come across any phones that are being attempted to download the app through by passing this option they will be blocked for security
reasons.
Consequently at this present moment in time, we have no plans to allow either rooted or jailbroken phones to access the app.
Click to expand...
Click to collapse
Wouldn't a keyboard app capture that security key on unrooted devices, too? If so, surely logic follows that unrooted phones with custom keyboards should also be blocked.
The irritating thing about their explanation is that the root check happens after they ask for all your details. Security fail.
OK I got it working with the following step.
Install SuperSU
Install Voodorootkeeper.
Using Root explorer or similar. Go to sys/apps Rename superuser.apk to superSU.apk
Run Voodoo rootkeeper and temp hide root.
Pingit it should now work.
PayPal works beautifully on rooted phones, which in my mind is reason enough for other financial institutions to follow their lead!
Sent from my Desire HD using Tapatalk 2
gcarter said:
PayPal works beautifully on rooted phones, which in my mind is reason enough for other financial institutions to follow their lead!
Sent from my Desire HD using Tapatalk 2
Click to expand...
Click to collapse
PayPal isn't a bank/building society and isn't regulated by the FSA. That means they don't have to follow "best practice" with regards to security. Barclays have tried to minimise all possible avenues for fraud.
Does the Pingit app use its own build in keypad or does it use whichever keyboard you have installed and selected?
It's own keypad.
Humma78 said:
OK I got it working with the following step.
Install SuperSU
Install Voodorootkeeper.
Using Root explorer or similar. Go to sys/apps Rename superuser.apk to superSU.apk
Run Voodoo rootkeeper and temp hide root.
Pingit it should now work.
Click to expand...
Click to collapse
This didn't work for me. Any ideas how else this can be achieved?
I take it there is no workaround?
Related
Hey guys, thought you might all find this sueful as I have and I find the pplication to run very well.
http://wavesecure.com
http://m.wavesecure.com - Anyone brosing on their phone can get it straight.
Or alternatively check the Market for it ...
I'm guessing it has to be installed on the phone before March 31 to get the free for lifetime offer, so for those of us still waiting for our Desires it won't be free.
However, I am unsure how much use this app has, since a hard reset is always an option. After that, the phone can be sold (or used) "as new" by the perp. Granted, your personal data is safe in this case, but to make the phone unuseable, you'll have to get the IMEI banned with the network.
Hardreset seems to be the only way to remove it but then again how many people get a phone and hardreset it before it even boots?
If you're quick enough and the person is slow enough you may be able to get the location of the phone.
As it's free I thought it might help even a little in such situations ...
The end date is a major shame . The good think is though it works on other devices, may be possible to ask them to transfer from one device to another.
A knowledgeable thief would probably do a hard reset, but at least your personal data (that is not on the memory card, that is) is safe that way.
I've sent them an email asking about the end date and whether it has to be installed on the phone before that date to be valid. I'll report back when/if I get an answer.
O and O said:
Hardreset seems to be the only way to remove it
Click to expand...
Click to collapse
According to the FAQs on their website -
"On Symbian and Windows Mobile phones, you will be prompted to put in your PIN before you can uninstall the application. On Android and BlackBerry phones, WaveSecure can be uninstalled without a PIN."
norm2002 said:
According to the FAQs on their website -
"On Symbian and Windows Mobile phones, you will be prompted to put in your PIN before you can uninstall the application. On Android and BlackBerry phones, WaveSecure can be uninstalled without a PIN."
Click to expand...
Click to collapse
There is an app on the Market to combat this, if you uninstall either it will lock and you need to put your pin in ...
Hey guys,
I figured out how I can get WaveSecure for free before the end date and without having the Desire yet. Basically I have a dual boot with Android on my Diamond 2 and I installed WaveSecure on that from the Android market and registered my phone and SIM with it. When you go on the WaveSecure website, login to your account then go settings and there is a disconnect option. From there you can disconnect the current phone from the account and connect a new one. So when I buy a SIM free desire I will put my current SIM in it and change the device from the website.
Hope this helps some of you.
That's REALLY impressive. Nice find!
I downloaded the .apk using a Spoofed User Agent on Firefox to make the Wavesecure website believe I was browsing using the Android Browser.
I assume I would have to install this on an Android device to qualify me for the free subscription?
StuMcBill said:
I downloaded the .apk using a Spoofed User Agent on Firefox to make the Wavesecure website believe I was browsing using the Android Browser.
I assume I would have to install this on an Android device to qualify me for the free subscription?
Click to expand...
Click to collapse
/e delete this post
StuMcBill said:
I downloaded the .apk using a Spoofed User Agent on Firefox to make the Wavesecure website believe I was browsing using the Android Browser.
I assume I would have to install this on an Android device to qualify me for the free subscription?
Click to expand...
Click to collapse
Yes ...
... Is it OS exclusive ... you need to install the application ...
Excellent, thanks!!
I am currently testing out Good for Enterprise, it is an application that syncs your work email/calendar to your cell phone. One of the security policies they have implemented will not allow the application to run on rooted (android) or jailbroken (iOS) devices. Since I am testing it this rule doesn't apply to me, however, if they ever kick me off the Dev environment I would still want to use the app.
Does anyone have an idea on what the application may be using to detect rooted devices? If we can identify what it is looking for/checking, how easy would it be to spoof the application into thinking it was a stock/non-rooted device?
More or less, just deny it root access if it asks.
It could be looking for blocked host files.
||A noble spirit embiggens the smallest man||
I'm curious too. Maybe it looks for the superuser app? One anti virus I tried knew I was rooted too.
Sent from my Incredible using XDA App
So it's a bit rubbish that you can't use Amazon Video on your Kindle Fire if it's rooted. I don't want to steal movies, crack DRM or anything else, I just want to have a rooted device to use with my Amazon Prime VOD feature. Bit harsh imho. Sooooo.... I thought i'd have a poke around and see what I could find out.
What I found was a very complex web of protection on a scale above anything i've seen an Android app before. Not only does the application check for root in more that one location (in the application itself and in the native library), it also performs tamper detection on the APK. Not only that but it also checks that the signature on the APK to check that no code has changed (if you change the code in classes.dex and drop it in, this is usually OK on a /system/app file, but not in this case). The code itself doesn't have a single, uniform tamper / root check function, it does it all over the place. Finally, just to make things even more difficult, key parts of the code are pretty heavily obfuscated to make the code hard to analyse / modify.
Despite this, I thought i'd see what I could achieve by patching it piece by piece with the goal of allowing video with root.
The first step was to work out how to get around the signature check. Without sorting this out, the app would immediately flag up as being tampered if I made ANY change to the code. The answer to this was to re-sign the Amazon Video APK, ATVAndroidClient.apk. Of course we don't have the Amazon certificates, so we can sign them with our own, or with SDK certificates. Since Amazon Video uses a shared user id, other APKs need to be signed too. The full list is ATVAndroidClient.apk, KindleForOtter.apk, OtterTutorial.apk, AmazonVenezia.apk, Launcher.apk, Windowshop.apk, CSApp-unsigned.apk, MyAccount-unsigned.apk, amazonmp3-unsigned.apk, Cloud9-unsigned.apk, OOBE-unsigned.apk, com.amazon.dcp.apk, Cloud9SystemBrowserProvider-unsigned.apk, OTASilentInstall.apk, Facebook.apk and OtterAppManager.apk.
After doing this, the next step is to patch out the tamper checks. This can really only be achieved by tracing where the app goes and how it works and by carefully analysing logcat to get clues as to where the errors are happening. Since i'm in the UK I also had to use a DNS proxy with a static IP... I used unblock-us which works a treat. Eventually I got to a stage where I got the application to ignore any tamper detections, thereby enabling the various 'Watch' buttons.
In the next step I could see what something was triggering another problem, and it turned out to be detection of root. This was happening in one of the more obfuscated bits of code, but again with careful tracing I managed to find this and patch it out.
At this point the application was loading, passing tamper checks, giving me the watch buttons, requesting the stream from Amazon and giving me the loading progress bar etc... BUT... the licence request to Amazon continually failed. This is the point where I came to something of a brick wall. It appears that there is some additional root checking going on in the native library, and unfortunately, reverse engineering this is beyond both my abilities and more important the time I have available, so we don't have a fully working solution.
The positive things though are that we now have a patchable Amazon Video APK, which means we can implement the functionality of the 'root keepers' within the app itself. We can effectively make the Amazon Video APK hide the su binary from itself on launch and put it back after it's run it's checks. Not ideal, but might be the best way to go. Note that the root check doesn't care about the Superuser APK, it only checks for 'su'. It checks in all the locations in the PATH variable, so moving it to, say. /system/root and adding that to the path won't help. Unfortunately.
For now, I have to put this on the back burner, but i'm posting my patched APK below so that if anyone wants to pick up the work of reversing the native binary they can do so, simply by using this APK and re-signing it and the other APKs mentioned above.
Any questions, feel free to ask them here. Obviously I have no interest in saving streams, downloading movies or any stupid stuff like that, so don't even ask.
P
DOWNLOAD - MD5: f6044dbeffa4eb3f8361c71a96683150
send to kindle - passage through amazon servers
Apologies if this seems off off topic but I believe it may tied to your explanation of the security at Amazon --
http://forum.xda-developers.com/showthread.php?p=21366426#post21366426
As proof of concept Ive been messing around with the SendtoKindle.exe from the desktop explorer -- and have failed to get anything worthwhile past the amazon servers.... to see if I can use the Send to Kindle to get say, a rom file or binary kernel or apk or something of that sort -- and have not been able to get anything past.
The fact that everything is failing is only making me want to keep trying different things -- which Ill just keep on trying.. so i will try different things -
Ive sent 40 different documents of all kinds to see what goes through and what doesnt... and the only things that are going through are basically legitimate items.
If this is entirely irrelevant to your quest, then my apologies -- but regardless I shall enjoy observing how you shall achieve your success Paul!
Solved. Its hacky, but I've confirmed it working. http://rootzwiki.com/topic/15134-how-to-get-amazon-prime-video-working-with-rooted-stock/
infinitybiff said:
Solved. Its hacky, but I've confirmed it working. http://rootzwiki.com/topic/15134-how-to-get-amazon-prime-video-working-with-rooted-stock/
Click to expand...
Click to collapse
No offense but this has been around for awhile and is known as a workaround. This thread is about finding a solution instead of having to use a workaround I suppose.
Here is an example of a thread posted in November with this information.
http://forum.xda-developers.com/showpost.php?p=19718688&postcount=6
And another thread in December.
http://forum.xda-developers.com/showthread.php?t=1414235
G1ForFun said:
No offense but this has been around for awhile and is known as a workaround. This thread is about finding a solution instead of having to use a workaround I suppose.
Here is an example of a thread posted in November with this information.
http://forum.xda-developers.com/showpost.php?p=19718688&postcount=6
And another thread in December.
http://forum.xda-developers.com/showthread.php?t=1414235
Click to expand...
Click to collapse
Late to the party i suppose
Sent from my SGH-I897 using XDA App
What ROM were you testing on? Even if you temp unroot with RootKeeper on CM7, Amazon Video will not work (in my experience). The Watch button is always greyed out.
Takenover83 said:
What ROM were you testing on? Even if you temp unroot with RootKeeper on CM7, Amazon Video will not work (in my experience). The Watch button is always greyed out.
Click to expand...
Click to collapse
Have you tried force closing the video app and restarting it while unrooted?
Also does video work on CM7? I have not installed it to try.
Sent from my E4GT using xda premium
mkuehn10 said:
Have you tried force closing the video app and restarting it while unrooted?
Also does video work on CM7? I have not installed it to try.
Sent from my E4GT using xda premium
Click to expand...
Click to collapse
Yep, sure did. Something about CM7 that amazon does not like
Takenover83 said:
Yep, sure did. Something about CM7 that amazon does not like
Click to expand...
Click to collapse
I'm sure it's more than just the Amazon video app you will need to get this working...what apps are installed and are they on the system partition. Can you keep us posted on your progress?
B3L13V3 said:
I'm sure it's more than just the Amazon video app you will need to get this working...what apps are installed and are they on the system partition. Can you keep us posted on your progress?
Click to expand...
Click to collapse
There was 3 or 4 apks I had to install. Cant remember all the names off the top of my head. I know some account apk just to sign into amazon, video. I wish I could be more helpful but do not have my Pc in front of me right now (out and about). But the app its self was runing just fine. I Just was being blocked (even though I unrooted.)
I have an app (calorie counter) that keeps showing a notification there is an update. I don't want to update it because the new permissions seem intrusive (allowing hardware controls - take picture and video).
Does anyone know how I can disable getting a notification about the update?
Cheers,
Open Google play, go to settings and uncheck " notifications" option.
Sent from my Galaxy Nexus using xda premium
That will turn off notifications for all apps though, which I'd rather not do.
Sent from my Galaxy Nexus using Tapatalk 2
Gucci.Nexus said:
That will turn off notifications for all apps though, which I'd rather not do.
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
You could use titanium backup to disassociate the app with the Google Play store. I've personally never done it myself, but I think this is the solution you're looking for
Sent from my HTC One XL using xda premium
Gucci.Nexus said:
That will turn off notifications for all apps though, which I'd rather not do.
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
You can also specify it on a per app basis. Just open the app in Google play and uncheck the checkbox.
Sent from my Galaxy Nexus using Tapatalk 2
Petrovski80 said:
You can also specify it on a per app basis. Just open the app in Google play and uncheck the checkbox.
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
No, you can't
The only check box is for Automatic Updates, not update notifications.
Go to settings, apps, select the app, uncheck notifications.
Solution by using ZipSigner 2
I just came across a solution (android.stackexchange.com/a/25527)
If you've got root access and have the original apk of the version you want to keep at hand (via Titanium backup or copied out of your \data\app folder), you can use ZipSigner 2 to give that apk a different key (auto-testkey).
When you install the apk with its new key, the Play Store will not recognize the installed app and will therefore not try to search or push any updates. :good:
ZipSigner 2 is available for free in the Play Store: play.google.com/store/apps/details?id=kellinwood.zipsigner2
If you have root, you can simply use ti backup to detach an app from the market.
It was assumed op doesn't have root though.
Sent from my Galaxy Nexus using Tapatalk 2
Petrovski80 said:
If you have root, you can simply use ti backup to detach an app from the market.
Click to expand...
Click to collapse
It was my understanding that detaching an app in Titanium does not work anymore since an update from Google Play has more checks on the server side.
http://www.titaniumtrack.com/changelog/titanium-backup/4-8-4-1
Djezpur said:
I just came across a solution (android.stackexchange.com/a/25527)
If you've got root access and have the original apk of the version you want to keep at hand (via Titanium backup or copied out of your \data\app folder), you can use ZipSigner 2 to give that apk a different key (auto-testkey).
When you install the apk with its new key, the Play Store will not recognize the installed app and will therefore not try to search or push any updates. :good:
ZipSigner 2 is available for free in the Play Store: play.google.com/store/apps/details?id=kellinwood.zipsigner2
Click to expand...
Click to collapse
Thanks for this. What a quick and easy solution. Now I can keep the old Foursquare without getting it automatically updated to that new version.
Please note: ZipSigner 2 does not require root!
The solution probably still works. Thanks for the hint!
Now I did test it.
1. Use App Backup and Restore to save the apk
2. Use Zipsigner to give the apk a different autokey
3. Uninstall original app
4. Install the apk modified by Zipsigner, you may need some file manager like TotalCommander for this
It is all possible without root and works well
Gucci.Nexus said:
I have an app (calorie counter) that keeps showing a notification there is an update. I don't want to update it because the new permissions seem intrusive (allowing hardware controls - take picture and video).
Does anyone know how I can disable getting a notification about the update?
Cheers,
Click to expand...
Click to collapse
I know this is an old thread. And I understand that Ti Backup used to work for detaching an app from Play Store. But I also understand that this works no longer. For those who are interested, I have created an app that does a pretty good job of this. It is called Hide Updates In Play Store. There is a video showing the app at work. It does require a rooted device. Thanks
Let me summarize:
- it costs money
- it needs root
- it needs an additional app
- the solution may not persist if you uninstall the controlling app
All these disadvantages can be avoided by reading just one posting higher ...
tag68 said:
Let me summarize:
- it costs money
- it needs root
- it needs an additional app
- the solution may not persist if you uninstall the controlling app
All these disadvantages can be avoided by reading just one posting higher ...
Click to expand...
Click to collapse
You are, of course, correct in the disadvantages. But the above method has its own limitations:
1) I wonder how/if it will work with system apps unless you have root. For instance, I actually wanted to get rid of updates to Google Search since later versions hose-up Utter.
2) It is something of a pain to "undo" since you will loose any settings or data (unless you are VERY CAREFUL) related to the app when you uninstall the "fake-signed" app and re-install the "real" app. Of course, this would also happen during the install of the "fake-signed" app in the first place. In some cases, this may be trivial but in others, it may not. And App Backup/Restore - which I use - fine app - only processes the .apk file.
3) It requires a minimum 2 apps be installed.
4) It isn't terribly easy to do. Developers would likely be able/willing to handle this - or even know what signing is or what to do. But how about others? The first one would be hardest for sure.
Like my solution, it also seems not likely to work with paid apps or apps having in-app purchases. I am not 100% sure, but would guess that the re-signing will mess up most Play Store license checking. Indeed, App Backup/Restore handles these differently and with far less functionality.
Still, for someone who is willing to do it and for those lacking root, the solution suggested above seems like it will work and those who are rooted can certainly save that $1 which can be used to make a one-time purchase of maybe 1/2 cup of coffee at the nearest Starbucks
Cheers!
David, if you would have mentioned the possibility of resigning in the description of your app, maybe even give the manual how to do without your app, I'd much more be willing to believe and support you.
Without that hint it has a little smell of betraying for me, not showing people who do not know better or do not have root that there are cost-free alternatives. But probably I have just to admit that you seem to be good at selling. I usually don't like people who are good at selling.
tag68 said:
David, if you would have mentioned the possibility of resigning in the description of your app, maybe even give the manual how to do without your app, I'd much more be willing to believe and support you.
Without that hint it has a little smell of betraying for me, not showing people who do not know better or do not have root that there are cost-free alternatives. But probably I have just to admit that you seem to be good at selling. I usually don't like people who are good at selling.
Click to expand...
Click to collapse
First, I developed and posted my app on Play Store before I even saw this forum thread with its reference to resigning apps. So I was not aware at the time.
Second, I still have not even tried to confirm that the re-signing approach will work (although I can see that it might). I will take the word of the person who posted this technique that it does indeed work. But I now have a solution that I like and use. So I have no real need to find and test other solutions.
Third, there are often many possible solutions to a given problem. In fact, my original approach to this particular problem was done via Tasker and shell scripts. It worked but was not particularly user friendly. I tried to remedy that in my app. It seems you are saying that a person (me) choosing to implement one possible solution must also run down, verify, and advertise all other approaches. If so, I think that is a bit ridiculous and would appreciate a list of examples of app authors who are doing this who you do "believe and support." I do not think it is very common.
Fourth, I found this thread via a google search. I think it is fair to believe others will as well if they are seeking alternative approaches. So they too can learn about the resigning approach and decide for themselves how to proceed. I never claimed (here on in my app) that mine is the only approach. I never say it is the "best" approach. I do not denigrate proponents of other approaches. I only implemented one approach that seemed reasonable to me. I posted here so others who suffer from this weakness in Play Store can, if they wish, can check it out for themselves. Play Store gives buyers 2 hours or so to test the solution and decide if it works for them. If not, they are free to return the app and cancel the sale and charge.
Fifth, if you check my list of apps on Play Store, you will see that they are all very small apps and all are either free or very low cost. All of these apps were the result of my trying to resolve situations that I found personally irritating. I then thought that maybe others would find them useful as well. If you look at the number of installs for all of my apps combined, I think you will find that I am NOT at all good at "selling". Indeed, if the net proceeds from all of my paid apps combined exceeded much more than $300 total it would be a miracle. With programming, testing, and support time this likely works out to be maybe $0.10 per hour. I figure the market for this app will be no larger than my previous apps and at $1 per sale, it will be a while before I can use the proceeds to buy even a six pack of beer (especially after Google takes their cut). So I can hardly be considered a successful salesman. If only that were true! I do sell some of my apps. But truth be told I really do this, not for the money, but so I can show some revenue to the tax authorities so they permit me to write off some computer-related expenses.
I am sorry you feel "betrayed" by me somehow. And I am sorry that you have somehow decided that you don't like me for the rather limited reasons you have managed to list here. I really do not think I have given you or anyone else cause to reach such conclusions. It really makes me kind of sad. But you are entitled to your opinions and I will leave it at that as I walk away in wonder.
You admit that you googled where you could post ads for your app, did not even have a look what was last written in the thread and then sent your ad? In my opinion that IS Spam, nothing else ...
So thank you for the offer, and for staying away from this thread in future. For everyone who needs a good working solution free of cost and less use of resources but with a bit more manual handling of apk-files, have a look at posting #13 of this thread.
Djezpur said:
I just came across a solution (android.stackexchange.com/a/25527)
If you've got root access and have the original apk of the version you want to keep at hand (via Titanium backup or copied out of your \data\app folder), you can use ZipSigner 2 to give that apk a different key (auto-testkey).
When you install the apk with its new key, the Play Store will not recognize the installed app and will therefore not try to search or push any updates. :good:
ZipSigner 2 is available for free in the Play Store: play.google.com/store/apps/details?id=kellinwood.zipsigner2
Click to expand...
Click to collapse
Thank-you! That worked like charm!!
Hi. Apologies for the noob question. Is it possible to get banking apps, PayPal etc to work on lineage ? I've installed magisk but don't know how to configure it, even if it will do what I need. Is there a guide somewhere? Thanks.
aneng64 said:
Hi. Apologies for the noob question. Is it possible to get banking apps, PayPal etc to work on lineage ? I've installed magisk but don't know how to configure it, even if it will do what I need. Is there a guide somewhere? Thanks.
Click to expand...
Click to collapse
First of all, you will harm the security of your transactions if you wanted to use banking apps on a rooted phone.
Secondly, if such a banking app will work on a phone with root hidden by magisk, I would advise you to give up such an app or bank for the reason I mentioned in the first sentence.
ze7zez said:
First of all, you will harm the security of your transactions if you wanted to use banking apps on a rooted phone.
Secondly, if such a banking app will work on a phone with root hidden by magisk, I would advise you to give up such an app or bank for the reason I mentioned in the first sentence.
Click to expand...
Click to collapse
Why.... precisely? Beyond the generic rubber-stamp warning that rooted/custom ROM devices lack the security of stock builds, what data do you have that proves that running banking apps on phones with root/custom ROMs is likely to result in theft of my money?
aneng64 said:
Why.... precisely? Beyond the generic rubber-stamp warning that rooted/custom ROM devices lack the security of stock builds, what data do you have that proves that running banking apps on phones with root/custom ROMs is likely to result in theft of my money?
Click to expand...
Click to collapse
Generally speaking, this is how money can be stolen at the very least, but also more, since identity verification can also be done with bank accounts.
Do not combine "rooted" with "custom", as there is no close relationship.
Oh... I see. Thank you. I have no need for root to be honest. I just need to be running Lineage OS. Is that safe to use unrooted?
aneng64 said:
Oh... I see. Thank you. I have no need for root to be honest. I just need to be running Lineage OS. Is that safe to use unrooted?
Click to expand...
Click to collapse
Root does not increase the level of safety. It's good for you to use the original LineageOS, if it exists for your phone, and not use TWRP. It's likely that the bank's app won't object.
Just started to using LineageOS official last release from there website ((lineage-19.1-20230302-nightly-pioneer-signed)) . i have there mindtegapps for google integration. the problem is my carrier money transfer app crashs and doesn't starts. before i changed to LineageOS. this app was working on my phone original rom. is there any thing i can do to try to fix it? like crash logs or something i can try? i tried Google Carrier Services and Android System WebView. but nothing changed. it still crashs. is there away i can know which is the last supprted OS for that app? i mean they could just have not updated there app to newest google framework. idk for sure i am just guessing.
the app name " Orange Cash "
PC is rooted by default. People use banking sites and programs on PCs.
Phone will require same steps to prevent money steal.
Generally it is not the rooted phone by itself is source of trouble but user actions.
If user installs shady autocraticker from google play and give permissions to it thief would not need root to steal money.
To send a link by email or messanger and ask to enters credit card information thief does not need root permissions.
Criminals don't expect phone to be rooted. They pray on inattentive users.
It is often possible to have control of your own device with root and use banking.
Some banks allow to use browser instead of app.
Bank usually would call on the phone to accept login and transactions for additional security.
Decision depends on how much money user has on banking account, and how careful he is.
veseihaty said:
PC is rooted by default. (...)
Click to expand...
Click to collapse
That's why there are no PC banking applications/programs.
Using banking applications increases the security of transactions, which using only a web browser does not.
Thanks to apps, banks have the ability to continuously improve security on phones that have stopped getting security patches from the phone manufacturer. The use of push technology makes banking apps a cheap token.
The banks' action on this issue is beneficial to customers.
ze7zez said:
Generally speaking, this is how money can be stolen at the very least, but also more, since identity verification can also be done with bank accounts.
Do not combine "rooted" with "custom", as there is no close relationship.
Click to expand...
Click to collapse
What are you talking about? Rooting means *the user* has control over the device, vs the manufacturer. Not giving the user root privileges is all about the manufacturing retaining control over what you do with the device, and being able to push its bloatware on you, and nothing to do with security.
HOW exactly does giving the user root access damage security in any way?
I'm gonna go ahead and say that not only having root access does NOT threaten security, but the other way around, it improves it, as I can remove all the unsafe apps the manufacturer bundled with my phone.
You are wrong, you were asked to back up your claims, and you did not actually do so.
almafuerte said:
What are you talking about? Rooting means *the user* has control over the device, vs the manufacturer. Not giving the user root privileges is all about the manufacturing retaining control over what you do with the device, and being able to push its bloatware on you, and nothing to do with security.
HOW exactly does giving the user root access damage security in any way?
I'm gonna go ahead and say that not only having root access does NOT threaten security, but the other way around, it improves it, as I can remove all the unsafe apps the manufacturer bundled with my phone.
You are wrong, you were asked to back up your claims, and you did not actually do so.
Click to expand...
Click to collapse
Read the "Payment Services Directive 2", analyze, understand and acknowledge.
The XDA forum is for discussion, not for answering every question asked. That's what google is for, for example.
Yes, just use magisk delta.
ze7zez said:
Read the "Payment Services Directive 2", analyze, understand and acknowledge.
The XDA forum is for discussion, not for answering every question asked. That's what google is for, for example.
Click to expand...
Click to collapse
Why should I care about a European regulation, considering I'm not in Europe, and my bank is not European?
Regardless, said spec doesn't really give ANY justification either as to *why* a rooted phone would actually be unsafer in any way.
You didn't say "Because a stupid spec says so", you said "because of security concerns", of which there aren't any.