
Fiveplus yesterday at 5:40 PM

So, if you cannot cryptographically prove to a remote server that your device is running essentially unmodified, vendor-signed software, you are locked out of the economy?

The irrefutable part here is that the security model works. Locking down the bootloader and enforcing TEE signatures does stop malware. But it also kills user agency. We are moving to a model where the user is considered the adversary on their own hardware. The genius of the modders in that XDA thread is undeniable, but they are fighting a war against the fundamental architecture of modern trust and the architecture is winning.



Helmut10001 yesterday at 5:48 PM

As I mentioned in another post: By 2026, you'll need two phones. My current setup:

    1) An unmodified iPhone SE (2022 model) with OS support until 2032. This runs all my authentication, banking, health, etc. It is in airplane mode 99% of the time unless I need it.

    2) The second is a Pixel 9a with Graphene OS for daily use, routing and internet access.

This is expensive, but I found it to be the only viable solution to this problem.
pwg yesterday at 5:52 PM

Cory Doctorow predicted this outcome back in 2011:

The Coming War on General Purpose Computation

https://boingboing.net/2011/12/27/the-coming-war-on-general-...

dathinab yesterday at 5:56 PM

> does stop malware.

Unrelated to phones, a lot of (more professional) malware has moved to not persisting itself in root space (or at all) so as to not leave traces (instead it will just rely on being able to regain root access as needed every time you reboot, with all the juicy parts being in memory only (as in, how often do you even reboot your phone?)).

I think (but am not fully sure) this also applies to phone malware.

I.e. no it doesn't work.

Not unless you

- ban usage of all old phones (which don't get security updates)

- ban usage of all cheap phones/phones with non-reliable vendors

- have CHERI-like protections in all phones and in general somehow magically have no reliable root privilege escalations anymore

Oh and advanced toolkits sometimes skip the root level persistence and directly go into firmware parts of all kinds.

Furthermore proper 2FA is what is supposed to make online banking secure, not make pretend 2FA where both factors are on the same device (your phone).

And even without proper 2FA, it is fully sufficient to e.g. classify rooted phones as higher risk and limit how much money can be transmitted/handled with it (the limit should ignore ongoing long-term automated repeated transactions, like rent).

There really is no reason to ban it.

finaard yesterday at 5:56 PM

I guess you can still do banking on your PC?

I stopped using banking apps on my phones a few years ago - they got more and more annoying, and I don't buy into the "the device is secure and should be used as a trust token". So I'm now back to banking only on my computer, with a hardware token for TAN generation.

m4rtink yesterday at 6:07 PM

Are you sure it actually works?

An outdated but signed ROM with tons of unfixed CVEs will still be considered totally fine.

Latest Lineage OS or Graphene OS will be rejected.

dstroot yesterday at 7:07 PM

Consumer level security always has to contend with the lowest common denominator. As my 80 year-old mother's technical support team I can testify that she will download and install anything she sees on Facebook. The consumer security world has to protect us from people like her. It's also the reason I will only allow her iOS devices.

kube-system yesterday at 5:55 PM

> We are moving to a model where the user is considered the adversary on their own hardware.

That has been the model since day one, since you are using spectrum that, because the end users are not licensed, requires it. Radios in 100% of commercially available phones are locked to prevent user tampering.

You don't get root on your debit card either, despite it running a computer.

zeta0134 yesterday at 7:06 PM

Personally I just don't use a banking app. The website works fine? I don't like the idea of having to use something from the Apple App Store or the Google Play Store, both companies of which could randomly decide I don't need to exist and cut off my access. ... no thanks? So I don't run "apps" at all. If your business is only available that way, sorry! But "I don't have a smartphone" tends to signal to the receptionist that they'll need to explain the myriad of other ways to do business.

e2le yesterday at 6:40 PM

> does stop malware

Doesn't stop state approved malware in all its forms.

piyuv yesterday at 6:13 PM

“Irrefutable part” is easily refutable. Malware run by governments and agencies is still malware.

SkiFire13 yesterday at 5:58 PM

> Locking down the bootloader and enforcing TEE signatures does stop malware.

I have no idea about the kind of malware you're talking about.

aranelsurion yesterday at 7:17 PM

> moving to a model where the user is considered the adversary on their own hardware

I think we’ve been there at least since the first iPhone, and it’s now entirely normalized for the average user.

zb3 yesterday at 5:45 PM

The problem is that we're supposed to use these "secure apps" on our own devices.. but since they need these enhanced security guarantees, our own devices cease to be ours.

emsign yesterday at 7:12 PM

Yeah. Tech companies are coming for our hardware. Next step is OSes with agentic AI turning it from a system with frameworks and libraries with apps separate from the base system, into a system that only runs AI models that the "owner" of the hardware has no control over and the lines between the OS and the AI are very blurred.

This totally beats the purpose of owning or using tech. Might as well go off grid and live a non-tech life.

Big tech wants to colonize our hardware completely because data centers alone ain't cutting it.

$1 trillion has to be paid back to the investors plus interest. They screwed up with AI and we have to pay for it. Or maybe they didn't screw up because big money always gets bailed out by the plebs.

Terretta yesterday at 7:01 PM

I really like this comment. I similarly don't like that banking is, from no collusion just internal incentives, locking out any users not opted into the Chromium hegemony.

> The irrefutable part here is that the security model works.

Yes! And that business model should be allowed.

This leads me to worry the notion of "user agency" may be misplaced, meaning, aimed at the wrong level of the stack. It would seem both open (general compute ethos) and secure devices (appliance ethos) have a right to be in the market. So…

### Perhaps user agency should be at the experience level. ###

We couldn't plug Sega Genesis cartridges into Nintendo 64. We understand this about consoles. If we remap mobile devices into consoles, it seems less obvious their internals should be opened and tinkered with by end users.

User agency seems more at the level of picking a console family, and it's often for the whole brand aura including both the console itself and safeness-to-permissiveness dial by which the brand curates its cartridges (spectrum from Nintendo to Apple to Sony to Microsoft and Steam). A free market for mobile devices or desktops would likely sort out a similar spectrum of just-works to fidget-able. If you choose the Nintendo 64, you wouldn't expect to run arbitrary software on it as you would expect on Dell.

We hackers are capable of figuring out how to make Nintendo 64 software; our neighbor does not need or want those affordances, they want just works, no headaches. This idea that the user must be able to open their digital watch or toaster oven and change how it is wired glosses what users actually choose: the conveniently toasted meal.

At the same time, business models around the curation and appliancification of digital tools, blurring the lines from hardware through solid state through firmware to software into a single product users can choose, must be defended.

If I want to dev for a secure product, I similarly must be OK opting into the supply chain security model (with Apple, registering as a dev in order to exchange cert material and bypass consumer paths to loading software I'm making for the platform) that allows that product to be secure, and opted into by users with money to buy my app, that caused me to want to develop for it in the first place.

Users must have a right to buy an appliance that isn't fiddle-able. Not mandated to, as this article sounds, but allowed to as the EU is trying to deny. Such products have a right to exist, and such business models have a right to exist.

And then, user agency remains as simple as use dollars to buy a product offered through a biz model that matches the user's goals, rather than regulate to disable business offerings/products that don't, and developer agency is to pour energy into the platform that aligns with one's ethos.

If more money is to be made on a platform with a different ethos, perhaps it's worth reflection rather than rants.

unethical_ban yesterday at 6:22 PM

Does it? Are you telling me banking apps have no choice but to go to this extreme when none of my seven US financial institutions even implement TOTP?

This is lazy control.

cmxch yesterday at 6:00 PM

Only if the vendor isn’t plying malware themselves.

The only solution is to force some semblance of user agency on those models, such that the vendor isn’t imposing from above.

add-sub-mul-div yesterday at 5:51 PM

> you are locked out of the economy?

Not that it excuses the withdrawal of user agency. But I've never used a banking app on my phone before. Anything important I still like to do on a desktop.

Though how much longer that's safe, who knows. Apple's model of requiring their permission to run code on your own device will probably spread to everything given enough time.

raw_anon_1111 yesterday at 6:40 PM

These banks don’t have websites?
