(Rant)

At somepoint, HSBC decided KDE Connect installed via F-Droid is less secure.

Photo of the HSBC UK app urging I install KDE Connect via GPlay or Galaxy Store

Then it decide non-whitelisted keyborads are a security risk. Only Gboard and Samsung Keyboard is confirmed within the whitelist.

Photo of the HSBC UK app telling me to switch input method citing security risk


I understand the point that risk can be introduce at various points, yet this is simply too much. Yeah there are people phone infected by malware but from Play Store. Not a single time I heard one ever happened on F-Droid distributed apps, at least not from the official repo. Also, I will put more trust on an open source keyboard than any proprietary keyboard.

Furthermore, I’m shocked that an app can read my app list, and current keyboard (introduced in Android 14). This just make building a profile much easier as I belive everyone almost have an unique set of apps they like. I don’t think any apps need such functionality. Why the f it needs to care what input devices I uses? This make me worry more about untold (aka burried deep in Privacy Policy) data collection.

    • Virkkunen@fedia.io
      link
      fedilink
      arrow-up
      18
      ·
      2 months ago

      You do know screenshots exist

      App doesn’t allow screenshots or screen sharing as part of the security features

      Also, don’t do mobile banking

      Many times that’s simply impossible depending on the bank, and it’s wholly inconvenient for most people. Security wise, it also depends on way too many variables, so you can’t just tell people to not do it and don’t elaborate further.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        2 months ago

        They there is little room to complain about the app. If you willing make yourself dependent on an app you might be out of luck.

    • Kayana@ttrpg.network
      link
      fedilink
      English
      arrow-up
      12
      ·
      2 months ago

      Actually, I wouldn’t be surprised if screenshots are disabled in that app considering the rest, to “stop leaking sensitive information”.

    • Robin@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      2 months ago

      You want us to yell out our credit card details over the phone like the good old days?

        • Railcar8095@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          2 months ago

          I don’t think normal people use cash over the phone. I think you’re thinking Star trek teleporters?

          • oldfart@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            2 months ago

            Why are you ordering stuff over a phone call and what does a smartphone app have anything to do with it lol

            If you mean ordering from a phone shopping app, 1) you can just enter credit card details into the app, you don’t need your bank’s software, 2) you can just use a website on a computer

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            2 months ago

            Why would you pay over the phone? Maybe I’m missing something but you can enter your card info or you can go in person and pay.

            At least that’s what I do personally. I’ve always found mobile phone based payments problematic. However, if there is ever some sort of Foss payment system I’m ready to give it go. (Taler)

            Is it that common to pay over the phone? Do you give them some sort of code? How does that work?

    • T156@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      If the app is so paranoid that it refuses to work after detecting a different keyboard, I should be surprised if it allowed screenshots.