• johannesvanderwhales@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    7 months ago

    Isn’t saying that allowing apps to have root lets them access anything just describing what root is? A rooted phone doesn’t have to give superuser access to every app.

    • dan@upvote.au
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      A rooted phone doesn’t have to give superuser access to every app.

      Sure, but apps that run as superuser can access anything, including the data and memory for banking apps. A big part of Android’s security model is that each app runs as a different user and can’t touch data that’s exclusively owned by another user.

      • johannesvanderwhales@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        It just means you need to trust apps that you give root access to, or only give elevated privileges during the very specific times when apps need them. Root isn’t something people who don’t know what they’re doing should be messing around with, I guess. But I’d think a lot of people who root their phone know and accept the risks.

        • dan@upvote.au
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          7 months ago

          People like you or I may know what we’re doing with a rooted device, but I think the issue for the banks is that they can’t guarantee that someone with a rooted phone knows what they’re doing or isn’t using a malicious app, so they have to be cautious and block all rooted phones.

          An app that requires root may look like a normal app but it could be a trojan that modifies banking apps in the background (eg patches them on disk or in RAM so transfers done through the app go to a different recipient). There’s been malicious apps in the Play Store in the past, and rooted apps have way less oversight - some are literally just APK files attached to XDA-Developers posts or random blog sites.

          • johannesvanderwhales@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            7 months ago

            I take your point, and I’m sure you’re right about the banks’ rationale, but in my own view it does not seem like it should be the banks’ decision to make.