This isn't about the bank's security - it is about the users'. Users are los...

edent • last Friday at 5:26 PM • 2 replies • view on HN

This isn't about the bank's security - it is about the users'.

Users are losing billions worldwide due to fraudulent apps. If a user has root and runs a malicious app, it can intercept what a legitimate banking app does. A scam app with root can draw over the screen and tell users to transfer money, or it can run a series of actions when the banking app is running, or do any of a hundred things to steal money.

Replies

hackyhacky • last Friday at 5:43 PM

> A scam app with root

Sure. But the people who are actually rooting their phones are advanced users and aren't going to install a malicious custom OS. Are naive users getting tricked into rooting their own phones? I'm dubious what the security benefit is of this decision.

➕ show 1 reply

dvngnt_ • last Friday at 5:44 PM

> A scam app with root can draw over the screen and tell users to transfer money

On android, I believe this can be done rootless via accessibility permissions that can display on top of apps

➕ show 1 reply

alt Hacker News

Replies