zlacker

1. Dylan1+(OP) 2022-01-28 10:14:22
That might at least be half a reasonable argument if they didn't all allow desktop logins that could be stuffed with malware.

> they're not obligated to deal with whatever insecure garbage you turn your phone into

Banks probably should be obligated to let you connect over standard protocols.

2. themac+jP1 2022-01-28 20:21:58
>>Dylan1+(OP)
In practice, many credit unions/banks will only support recent versions of major desktop browsers (i.e. the big three: Chrome, Firefox, Safari) which are known to mandate a good level of security. These browsers will usually have their own OS requirements. For example, Safari is tied to macOS versions directly, while Chrome will drop support for older unmaintained operating systems like Windows XP.

Any system can have malware. That's not the point. To repeat my point again: client restrictions are about making sure user devices are not unusually vulnerable to malware. For example, any Windows device may be infected with malware, but if you're still running Windows XP you're vulnerable to a much larger variety of known malware and more severe exploits. Hence why businesses will want to support only modern versions of e.g. Chrome, which itself will require modern versions of operating systems.

3. Dylan1+d32 2022-01-28 21:35:33
>>themac+jP1
So require I have an up-to-date browser on my phone. Don't require that I haven't rooted it when every desktop is in an equivalent security state. That's not enough to be "unusually vulnerable".

I'm not asking to use a 10-year-old version of Android that no modern browsers support any more and is missing many security features.

4. themac+LX2 2022-01-29 06:14:34
>>Dylan1+d32
So what if the desktop is in a worse state? Mobile is still a common threat surface that supports stronger security measures. Unusual is relative; mobile is much more secure by default. It makes no sense to weaken the security posture for mobile users just because the desktop/web doesn't allow a stronger one.

I guess you also think Android/iOS should just get rid of app permissions because users could just use similar software on their desktops without any permissions gating?

Edit: Android/iOS are increasingly popular platforms, the security they pioneer far exceeds their desktop predecessors and has improved the average security posture of millions of mobile-focused users.

5. Dylan1+C03 2022-01-29 06:54:04
>>themac+LX2
> It makes no sense to weaken the security posture for mobile users just because the desktop/web doesn't allow a stronger one.

The motivation is not "just" that, or for fun; the motivation is that users should be allowed to control their own devices. And have them keep working.

> I guess you also think Android/iOS should just get rid of app permissions because users could just use similar software on their desktops without any permissions gating?

I want it to work... exactly like app permissions. Where if I root it, I can override things.

> Android/iOS are increasingly popular platforms, the security they pioneer far exceeds their desktop predecessors and has improved the average security posture of millions of mobile-focused users

Having that kind of sysadmin lockdown is useful, but if I want to be my own sysadmin I shouldn't be blacklisted by banks.
