What if we collectively decide to use the web alternatives for banking?
We lose some convinience since they are generally desktop oriented, but they don't check who signed my kernel
thombles · 59m ago
My bank recently made it that app-based MFA must be used for every single web login. Unless I and many others are willing to swap banks in the vain hope that the new bank won't do the same thing (I am not), then we're cooked.
lrvick · 2m ago
Just say you do not have a compatible device. Special undocumented alternatives appear every time in my experience.
dingnuts · 16m ago
fuck it back to cash
PeterStuer · 40m ago
Many banks are slowly phasing out their websites to go app only.
derwiki · 16m ago
Which ones?
MathMonkeyMan · 54m ago
I uninstalled banking related apps from my phone years ago. I used it so infrequently that every time I did use it, it was as if it had been newly installed and didn't remember anything about me. Now I use a desktop web browser for anything finance (and it's Firefox on Linux, so thankfully that works for now).
pastage · 46m ago
The phone will be used as MFA, and that will have requirements especially on Android versions. So it is going to be harder to escape it, it is darn comfortable using Android as a MFA. Many banks still use a custom device for MFA here but is is slowly going away.
BankID in Sweden and similar in other European countries.
PeterStuer · 36m ago
For now the custom issued 2FA is still an inconvenient option, but nearly everyone uses the phone for 2FA as it is so much faster.
1gn15 · 1h ago
Also, use ATMs if you can instead. Don't use propietary code on your own machine; run it on theirs instead.
falcor84 · 52m ago
I don't understand the sentiment - how does relinquishing control of the hardware help us? I see a possible future where the banks/governments give the people devices to use for these things, and I don't like this future, as these would surely become spy instruments.
defanor · 7m ago
Not OP, but sharing the sentiment (never had banking or similar software on a phone, yet using ATMs, banks' web interfaces, offices). Avoiding interaction with a bank completely is rarely viable these days, and they will run their software on their hardware to operate either way (whether it is an ATM, a bank office, or a website). I do not see it as relinquishing control of the hardware, since you are not expected to control a bank's hardware in the first place. While setting it on your phone comes with the usual risks of running proprietary software on your machines, such as sneaky data collection. If banks/governments will give mobile devices to people for that, those may act even a little more like electronic ankle bracelets, but they would also be isolated from your other data and software; in places with near-mandatory government software, some choose to create such an isolation by having multiple devices for different purposes.
card_zero · 19m ago
In what way, if supplied by the bank and used only for contacting the bank to do banking, could a device become a spy instrument?
Kicking banks off the internet/apps would make Android and Apple less cushy.
falcor84 · 1m ago
> In what way, if supplied by the bank and used only for contacting the bank to do banking, could a device become a spy instrument?
Here's my attempt at future history: Firstly they'll require you to prove your current location, to ensure that the request isn't made by a remote hacker; they'll do this by integrating their own cellular modem, as well as scanning local wi-fi networks. Then, at a second phase, they'll integrate a camera and microphone to perform a face identification, asking you to speak out a particular phrase while performing a particular motion. At the start they'll only require you to turn the mic and camera on during active usage, but eventually they'll say that these have to stay on continuously so that they can ensure that the device wasn't tempered with. And if we aren't careful, we'll accept every single small added requirement, until we're boiled alive.
p0w3n3d · 36m ago
It sounds like an implementation of the Orwell's 1984 telescreen
PeterStuer · 32m ago
ATM's are disapearing. There used to be one at every corner. Now, I have to travel to the next village that has just one left at the train station.
Cash is positioned as suspicious. In 10 years, it might very well be illegal.
scrubs · 6m ago
Not in the US... have you seen the first or second Shrek movie where a monster busts in on a Starbucks and all the scared customers run across the street to another Starbucks? Like a virus they're everywhere. Same thing for atm machines. Cash is doing just fine.
lifthrasiir · 1h ago
Except they did in several countries, typically using activeX.
userbinator · 1h ago
The alternative is older versions of Android, from before these hostile changes. The propaganda that it's "unsafe" is just that, propaganda. Perhaps Google will realise once enough of the population refuses to put on the noose.
zx8080 · 1h ago
It's totally unfeasable for those using stock deviced. Refusing to upgrade takes lots of attention even from experienced users like developers. Regular user just doesn't have any chance to avoid accidentally clicking or intentionally accepting the annoying permanent notification to upgrade OS.
userbinator · 1h ago
It's the norm for the huge number of users with devices where there is no newer upgrade available from the original manufacturer. Back when Android was great(tm) there were far more of those than today.
PeterStuer · 30m ago
The bank app, mandatory updated to the latest version, does not run on old android.
saidinesh5 · 1h ago
The problem is not the propaganda, it is the businesses restricting the freedom and choices of users because of this propaganda.
So many apps even refuse to be installed on older versions of iOS/Android.
userbinator · 11m ago
So many apps even refuse to be installed on older versions of iOS/Android.
That's because they see older versions of Android decrease in usage so they think it's fine to lock them out and potentially lose customers[1], but they're not going to do that to the majority of them.
If the majority stops falling for the propaganda and "upgrading" to a worse experience, other businesses will follow.
[1] I have told businesses that changes to their site have made me no longer want to do business with them, and seen responses ranging from complete dismissal to quick reversion.
scotty79 · 1h ago
What about GrapheneOS?
zx8080 · 1h ago
I'm not going to buy Pixel feeding Google further with my pennies just to use GrafeneOS.
fzorb · 30m ago
Well you can always buy second hand/refurbished.
zx8080 · 1h ago
Is it a joke? Have you seen the list of supported devices?
I don't do banking on my phone. I really don't understand why anyone would. If I can't get to my PC or laptop, I'm probably near an ATM. I've already given so much autonomy to Google/Alphabet/Apple, I won't give them access to my bank account.
em-bee · 50m ago
even if you use a computer to do banking, like i do, some banks still require an app for 2FA, or windows...
ATMs won't let me send money or do any other kind of maintenance
stein1946 · 44m ago
Again, technological measures against this kind of attacks on ownership rights fall short and are probably what conglomerates want since it keeps the tech people busy in a self-satisfying "fight" against the big corporation.
You need legislation.
kikokikokiko · 1h ago
A little bit overkill to use a dependency to just show a dialog. I agree that Google ia making Android less and less free with every new release, but show a damn dialog, no need to use this.
Kwpolska · 8m ago
It's also pretty sloppily coded, with the same code repeated in both branches of the `if`...
Sounds right. Though may aid in spreading the practice if it accumulates stars, goes viral on places like this?
No comments yet
scotty79 · 1h ago
I think creation of this repo is more of a statement than creation of utility.
ethersteeds · 25m ago
I would say it's both a statement and a way to encourage other developers to "speak with one voice". Like handing out printed signs at a protest.
camdroidw · 1h ago
What would be my options as an end user who does not want to root his device
userbinator · 1h ago
who does not want to root his device
Why not? Freedom isn't a given --- you need to fight for it.
Kwpolska · 15m ago
Rooting a device will usually cause banking apps to stop working.
userbinator · 10m ago
There are still workarounds. The way to win is to keep fighting.
aydyn · 1h ago
Cry in a corner ig?
zx8080 · 1h ago
Maybe use iphone? There will be not much advantages left on Android side after that shit gets go.
politelemon · 1h ago
Even without side loading there are several advantages and freedoms that Android has unmatched.
littlecranky67 · 57m ago
such as? Curious, because on iOS you can freely install browser extensions (adblockers like uBlock origin lite) from the get go. Still boggles my mind that Chrome does not allow extensions.
import · 22m ago
Like what? I am curious what’s left
scotty79 · 1h ago
I might just move to whatever Chinese come up with. By 2027 their tech should be clearly superior in every way.
add-sub-mul-div · 48m ago
I assume my S20+ won't get this because it's stopped getting anything but security updates. Sometime next year I'll look for the latest phone that's too old to get the new behavior.
Krasnol · 1h ago
Wouldn't it be nice if, in this time of feeding our IDs to the machine, there would be someone who would also offer some nice and easy way to identify ourselves digitally? Maybe someone who sits on all that unverified advertisement tracking data already and somebody who has an AI agent to feed?
Fascinating that the same company producing zero knowledge proof implementation didn't think to use it for the purpose they mention here. Do these departments not talk to each other?
rippeltippel · 12m ago
It's Google we're talking about. Likely the left hand has no idea of what the right hand is doing. And it's got far more than two hands.
everyone · 1h ago
google seem to have the multi-pronged attack on android devs going on atm. They are seemingly trying to take down as many apps and dev accounts as possible.. Anyone know why?
1. doxx yourself of they kill your account
2. re-build every app with pointless newer api version literally every year or it gets taken down.
3. Push an update or a new app or they kill your account.
..
My guess is enshittification, some random exec is trying to save a few pennies in server and storage costs.
..
I'd also say that google makes so much money from ads and data-brokering that everything else they do is not vital for their survival and thus undergoes a sort of "genetic drift" where they just make random decisions.
peddling-brink · 1h ago
> 1. doxx yourself of they kill your account
Combat abuse. I don't think this is a solvable problem, so obviously this won't be a silver bullet. But maybe will it impose more cost on the abusers creating a nicer app store experience for everyone. Or maybe this only imposes cost on the honest ones? I don't know how much validation they do.
> 2. re-build every app with pointless newer api version literally every year or it gets taken down.
Fix vulns. This also gets rid of abandoned apps. It also probably provides an "opportunity" for the dev to agree to new T&C.
> 3. Push an update or a new app or they kill your account.
This one seems shakier to me, but it might feed into an effort to get rid of abandoned apps. But I disagree with this being healthy for the ecosystem, if that's actually the reason.
I'm not trying to defend google, but from working in FAANG, some of this is obvious. None of these things save a significant amount of server or storage costs. Some of it is clearly anti-abuse and efforts to defend themselves from the constant stream of crap that tries to make its way into the app store.
> everything else they do
Google isn't like some dude (sundar) making decisions. It's a bunch of millionaires and billionaires making decisions. There's some high level guidance, but the difference between different divisions is 100% based on who's running that particular show.
fer · 25m ago
I thought this applies to every app regardless the app store it comes from? Including side loading. The Play Store is already "sanitised".
8n4vidtmkvmk · 17m ago
What's wrong with "abandoned" apps? I still use an app called DiskUsage. Not sure you can still get it on the store or it comes with scary warnings now. Continues to work great. Never found a replacement. Don't want a replacement. This one works.
When an app works but keeps getting updated, that means the enshittification is starting. How else do you extract money out of a completed app?
bloqs · 36m ago
background political lobbying. its part of the effort from most of the west (not the US yet) to verify users on devices to 'protect kids'
tomrod · 1h ago
Google cut off their own revenue legs with AI suggestions instead of ads.
Thats okay, they jumped the shark when the imperative for ads took over.
zx8080 · 1h ago
> Add the JitPack repository to your root build.gradle
How much MB (kb?) does this dependency add to apk?
nulld3v · 1h ago
Given that it's just a couple lines of code and has no other dependencies other than AppCompat (which nearly all apps already use), the increase in size would be negligible (<4KB).
I don't think this meets the bar for copyrightable code. Copyright protects creative expression. Displaying a single dialogue does not take creative expression, and pretty much any developer given the task would produce code identical to this.
croemer · 1h ago
Don't complain about the license. The license removes any doubt. You can happily use it without having to worry. If there was no license you'd have uncertainty.
Also you're misquoting. The license is GPL-3, not AGPL.
TheDong · 1h ago
I'm not complaining about the license, I'm complaining about the library size.
Something that is too small to be considered creative should be a documented example you copy and adopt into your app, not a dependency.
The only exceptions to this are things like "A dependency that contains all unicode planes and categorizes characters", which isn't creative, but is useful and too large to copy-paste, and also updates over time.
Or the timezone database file, another case of something that should be "public domain" knowledge (uncopyrightable), but makes sense as a dependency.
This is not that sort of thing.
ronsor · 1h ago
Yes, this code is almost as trivial as a hello world.
chrismorgan · 1h ago
Have you looked at the code? I sure wouldn’t produce exactly that. Even for identical functionality, its FreeDroidWarn.java methods are 30 lines, I’d write it in 13 lines. I also wouldn’t write exactly the same strings (some stylistic changes, some being specific rather than generic as is somewhat necessary for a library), and definitely couldn’t produce 17 other translations.
This easily meets thresholds for creative work. The basic concept is nigh-trivial, but the concrete implementation is still creative.
userbinator · 1h ago
and pretty much any developer given the task would produce code identical to this.
That I doubt; it seems more like it's deliberately large and complex enough to be copyrightable, because otherwise it wouldn't be.
But we don't have anything like FF as an alternative to go from Android. Especially considering banks require "certified OS".
I also switched banks so I can use my bank card as the 2FA device, similar to CAP. [0]
[0]: https://en.wikipedia.org/wiki/Chip_Authentication_Program
BankID in Sweden and similar in other European countries.
Kicking banks off the internet/apps would make Android and Apple less cushy.
Here's my attempt at future history: Firstly they'll require you to prove your current location, to ensure that the request isn't made by a remote hacker; they'll do this by integrating their own cellular modem, as well as scanning local wi-fi networks. Then, at a second phase, they'll integrate a camera and microphone to perform a face identification, asking you to speak out a particular phrase while performing a particular motion. At the start they'll only require you to turn the mic and camera on during active usage, but eventually they'll say that these have to stay on continuously so that they can ensure that the device wasn't tempered with. And if we aren't careful, we'll accept every single small added requirement, until we're boiled alive.
Cash is positioned as suspicious. In 10 years, it might very well be illegal.
So many apps even refuse to be installed on older versions of iOS/Android.
That's because they see older versions of Android decrease in usage so they think it's fine to lock them out and potentially lose customers[1], but they're not going to do that to the majority of them.
If the majority stops falling for the propaganda and "upgrading" to a worse experience, other businesses will follow.
[1] I have told businesses that changes to their site have made me no longer want to do business with them, and seen responses ranging from complete dismissal to quick reversion.
https://grapheneos.org/releases
(Pixels only)
ATMs won't let me send money or do any other kind of maintenance
You need legislation.
https://github.com/woheller69/FreeDroidWarn/blob/master/libr...
No comments yet
Why not? Freedom isn't a given --- you need to fight for it.
I'm sure everybody would profit from that...
https://blog.google/products/google-pay/google-wallet-age-id...
1. doxx yourself of they kill your account
2. re-build every app with pointless newer api version literally every year or it gets taken down.
3. Push an update or a new app or they kill your account.
..
My guess is enshittification, some random exec is trying to save a few pennies in server and storage costs.
..
I'd also say that google makes so much money from ads and data-brokering that everything else they do is not vital for their survival and thus undergoes a sort of "genetic drift" where they just make random decisions.
Combat abuse. I don't think this is a solvable problem, so obviously this won't be a silver bullet. But maybe will it impose more cost on the abusers creating a nicer app store experience for everyone. Or maybe this only imposes cost on the honest ones? I don't know how much validation they do.
> 2. re-build every app with pointless newer api version literally every year or it gets taken down.
Fix vulns. This also gets rid of abandoned apps. It also probably provides an "opportunity" for the dev to agree to new T&C.
> 3. Push an update or a new app or they kill your account.
This one seems shakier to me, but it might feed into an effort to get rid of abandoned apps. But I disagree with this being healthy for the ecosystem, if that's actually the reason.
I'm not trying to defend google, but from working in FAANG, some of this is obvious. None of these things save a significant amount of server or storage costs. Some of it is clearly anti-abuse and efforts to defend themselves from the constant stream of crap that tries to make its way into the app store.
> everything else they do
Google isn't like some dude (sundar) making decisions. It's a bunch of millionaires and billionaires making decisions. There's some high level guidance, but the difference between different divisions is 100% based on who's running that particular show.
When an app works but keeps getting updated, that means the enshittification is starting. How else do you extract money out of a completed app?
Thats okay, they jumped the shark when the imperative for ads took over.
How much MB (kb?) does this dependency add to apk?
EDIT: The AAR file is 26KB: https://jitpack.io/com/github/woheller69/FreeDroidWarn/V1.3/... But most of it looks to be from R.txt and I think that file gets deduped/compressed during app packaging?
I don't think this meets the bar for copyrightable code. Copyright protects creative expression. Displaying a single dialogue does not take creative expression, and pretty much any developer given the task would produce code identical to this.
Also you're misquoting. The license is GPL-3, not AGPL.
Something that is too small to be considered creative should be a documented example you copy and adopt into your app, not a dependency.
The only exceptions to this are things like "A dependency that contains all unicode planes and categorizes characters", which isn't creative, but is useful and too large to copy-paste, and also updates over time.
Or the timezone database file, another case of something that should be "public domain" knowledge (uncopyrightable), but makes sense as a dependency.
This is not that sort of thing.
This easily meets thresholds for creative work. The basic concept is nigh-trivial, but the concrete implementation is still creative.
That I doubt; it seems more like it's deliberately large and complex enough to be copyrightable, because otherwise it wouldn't be.