zlacker

>>wicket+(OP)
My Android phone prevents me from taking screenshots if an app author doesn't want me to.

My Android phone prevents me from recording phone calls at the request of my carrier, even though it's totally legal for me to do so in my jurisdiction.

I'm not loving where this is all going.

>>jeffpa+D5
I tried to debug a google pay issue with a Bank once:

- Bank told me to go to Google.

- Google support told me to go to the Bank.

- (... few emails later...)

- Google support told me to make screenshots of the banking app and google pay.

So have a second phone ready, or stop complaining :) A few years later and 3 phones later... it works again!

>>szszrk+5E
Google Pay requires SafetyNet verification, which means it only works with a Google-approved hard & software combination, so not with GrapheneOS for example...

I hate that banks use this proprietary "standard" for NFC payments

>>preiss+LJ
I get where that one is coming from though - tap-to-pay is considered second-factor-authenticated, aka no PIN entry is necessary at the PoS terminal because the user already entered their PIN or presented biometric credentials to the smartphone.

If a malware were able to snatch the key material that represents the credit card outright or it could (by running as root) act to the TEE like it were Google Pay's NFC controller app, it would enable the actor controlling the malware to spoof the credit card on their own phone... and since tap-to-pay is considered authenticated, chances are next to zero you can dispute the payment.

>>mschus+bQ
There's already a better way to check whether an Android phone is secure enough and it is independent of any proprietary OS certification: basicIntegrity [1].

Most banking apps in Germany use this API and thus work on GrapheneOS and other non-Google controlled ROMs with a locked bootloader.

PlayIntegrity is unnecessary and mostly offers vendor lock in to Google's ecosystem.

[1] https://grapheneos.org/usage#banking-apps