alt Hacker NewsYour parents are more likely to be a victim of a phone call scam than malware, even on PC. There is also no guarantee that malware will not slip through cracks of official stores or signatures.
You can also choose to do your banking at the physical branch.
We already had "best of both worlds", especially on mobile OSes - granular permissions per-app were quite good, and on Android until few years ago root was widely available if you needed it as well; these permissions could be locked or frozen if there is concern about users, just like work devices are provisioned with limitations. It all depends on your threat model.
Replies
Phone scams have you install malware. Banks don’t know if you’re on the phone with the scammer, but they would like to detect if you’re using a screen sharing app on the password or transfer screens.
> You can also choose to do your banking at the physical branch
The ones banks that do have physical presence are closing left and right? Also, I don’t think I can money transfers at the physical office of my bank.
Also the good old phishing emails/links. So many people are simply unaware when a website is pretending to look like an app/floating window. Even younger people who you'd hope know better are falling for it today. I work on a PC game and players (mostly young adults) are constantly getting their accounts compromised by the same phishing sites that pop up monthly.
AI voice and video cloning scams are also only going to increase. Why would scammers need to get people to install random APKs when they can just impersonate a family member and tell them what to give directly?
To me it seems very much like the classic "think of the children" type argument. It's not going to really fix anything in the end but it will benefit Google.
> Your parents are more likely to be a victim of a phone call scam than malware, even on PC. There is also no guarantee that malware will not slip through cracks of official stores or signatures.
So what? The lack of perfect security is a terrible argument against better security.
For example, lockpicks exist. Is that a reason to stop locking your house? Our TLS ciphers might eventually be broken. Should we throw away TLS and go back to unencrypted HTTP?
I'm not expecting anything to 100% stop all scams. But modern computer security is a joke. We could do an awful lot better than we are today at keeping people safe from this stuff.
> We already had "best of both worlds", especially on mobile OSes - granular permissions per-app were quite good, and on Android until few years ago root was widely available if you needed it as well
Yes. I want something like this on desktop too - but I want to own the signing keys, of course. It seems strange that this is so controversial.
In the netherlands we do not have physical branches anymore. They died out. All banking started to go through browser. This was very sensitive to malware and viruses, so two-factor was added through phones. Then less and less people had PCs because phone provides enough. Now mobile apps for banking is the only way to do banking. Or it is required for MFA. Even if you’re calling with the bank it is used as MFA