HSBC UK banning KDE Connect from F-Droid, and non whitelisted keyboards
(Rant)
At somepoint, HSBC decided KDE Connect installed via F-Droid is less secure.
Then it decide non-whitelisted keyborads are a security risk. Only Gboard and Samsung Keyboard is confirmed within the whitelist.
I understand the point that risk can be introduce at various points, yet this is simply too much. Yeah there are people phone infected by malware but from Play Store. Not a single time I heard one ever happened on F-Droid distributed apps, at least not from the official repo. Also, I will put more trust on an open source keyboard than any proprietary keyboard.
Furthermore, I'm shocked that an app can read my app list, and current keyboard (introduced in Android 14). This just make building a profile much easier as I belive everyone almost have an unique set of apps they like. I don't think any apps need such functionality. Why the f it needs to care what input devices I uses? This make me worry more about untold (aka burried deep in Privacy Policy) data collection.
Afaik that's how the corporate apps stuff works, I byod (I really should have a second phone) and the work stuff is totally on its own, uses a different keyboard, opens a different browser uses a different authenticator etc.
And then i complained that my bank blocked access if adb was enabled...
If there's no loan attached to that account, for me this message reads "sorry, we don't want you as a customer. Please contact a bank teller to have a full refund, uninstall this app and don't forget to leave a 1 star review"
I'm not willing to compromise on this shit. My phone is my phone.
Mine actually. I'm in the United States, but I actually switched banks. And the vast majority of the reason I did so was because my bank did not allow me to use the website to use their functionality. And so I said fuck you and left them.
They are now blocking you because you are not using gboard and sam keyboard. Now it's too much .
I stopped using mobile banking became they need g play services.
That's annoying! I'm using Graphene and I just installed KDE Connect from F-Droid to test, which didn't trigger, however it did bounce me for using Heliboard. Changing to default keyboard and reloading worked, ie it can only see my currently active one.
Using Shelter to set up a second profile, or the new Private Space feature on 15 may help provide isolation.
Halifax/ Bank of Scotland/ Lloyds does an integrity check that rejects Graphene or LineageOS phones completely.
Check out Shelter by PeterCxy [FDroid - Source]
It uses Android's native work-profile feature to create a separate space for the apps you choose, so you could install the HSBC app there and it wouldn't be able to see anything outside its little bubble.
The downside is that AFAIK you cannot have multiple work profiles on the same phone, so if you have a MDM solution from work already installed like Intune you won't be able to use this, and given how draconian this app is, it might refuse to run if it detects its inside one. Worth a shot though.
This is the type of shit that has me losing faith in Android.
They added a fuck ton of restrictions on Clipboard Access because 'Privacy,' yet this clear privacy violation (with 0 use cases!!!) is still here.
App doesn't allow screenshots or screen sharing as part of the security features
Also, don't do mobile banking
Many times that's simply impossible depending on the bank, and it's wholly inconvenient for most people. Security wise, it also depends on way too many variables, so you can't just tell people to not do it and don't elaborate further.