this post was submitted on 09 Nov 2024
151 points (98.1% liked)

Android

27927 readers
166 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


1. All posts must be relevant to Android devices/operating system.


2. Posts cannot be illegal or NSFW material.


3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.


4. Non-whitelisted bots will be banned.


5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.


6. Memes are not allowed to be posts, but are allowed in the comments.


7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.


8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.


Community Resources:


We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.


Our Partner Communities:

!android@lemmy.ml


founded 1 year ago
MODERATORS
 

In a recent update to the HSBC app they've added a screen to prevent you from using the app unless you use the default (google) keyboard.

They do a similar thing if you have an accessibility service running that can access the screens content. A fair enough security warning if you've happened to install a dodgy keyboard app, but highly frustrating when using an open source alternative that enhances the security and privacy over the default option (HeliBoard in my case).

I haven't found a way to circumvent the page yet. It would be useful if Android allowed you to block the permission to query all packages, but alas.

all 41 comments
sorted by: hot top controversial new old
[–] independantiste@sh.itjust.works 73 points 4 days ago (1 children)

banks will do everything in their power to restrict who can use their services in the name of security but are absolutely fine with 6-char password size limits and SMS 2FA

[–] AsudoxDev@programming.dev 8 points 4 days ago* (last edited 4 days ago) (1 children)

They are in an illusion where their backend is absolutely perfect, but third party apps like open source keyboards implement spyware that spies on users predictable bank passwords. (FlorisBoard is the biggest predator)

[–] Zacpod@lemmy.world 28 points 4 days ago (1 children)

Move to a credit union. HSBC is terrible.

[–] HereIAm@lemmy.world 9 points 4 days ago (1 children)

Yeah, I don't really have a reason to stay with HSBC. A responsible me would look for a bank with better credit card interest. Might as well shop around for a new one.

[–] spicehoarder@lemm.ee 5 points 4 days ago

Hell yeah! And make sure to tell them the reason for closing your account too

[–] ptz@dubvee.org 60 points 5 days ago (5 children)

If my bank's app ever forces me to choose between my keyboard of preference and their app, it's their app that's getting uninstalled.

[–] jet@hackertalks.com 15 points 5 days ago (1 children)

I think it's a great option to warn people about. Or even force switching of the keyboard for that one app. But it shouldn't require you to set a system sitting.

[–] Hellinabucket@lemmy.world 2 points 5 days ago

My back pops up with a warning but than just let's be carry on my way

[–] pastermil@sh.itjust.works 6 points 5 days ago (1 children)

The thing is, they're one of the biggest banks in the eastern hemisphere.

[–] ptz@dubvee.org 18 points 5 days ago (1 children)

Be that as it may, apps must work for me and never the other way around.

[–] lka1988@sh.itjust.works 4 points 5 days ago

Bingo. I will happily go out of my way to modify things, and if the methods provided to hide root/bootloader ststu from any particular app don't work, then that app gets uninstalled.

[–] lowleveldata@programming.dev 5 points 5 days ago (1 children)

I might get a device dedicated to banking only if it comes to that

[–] dutchkimble@lemy.lol 1 points 4 days ago

Don’t worry, you can just use your browser instead of their app

[–] ccunning@lemmy.world 4 points 5 days ago (2 children)

Have the security risks associated with third party keyboards been mitigated somehow? I made the decision not to use them years ago and have never revisited it.

[–] HereIAm@lemmy.world 5 points 4 days ago (1 children)

Of course there will always be some risk. But HeliBoard and some other keyboard apps are open source and can be audited. I'd trust (I know, you should do your own homework) the more popular ones have a lot of eyes in them.

[–] AceFuzzLord@lemm.ee 2 points 4 days ago

As someone who doesn't have the time, skill, or knowledge to audit open source projects, I agree on the trusting more popular open source keyboards (and by extension popular open source projects in general).

[–] GlenRambo@jlai.lu 1 points 4 days ago

Fist party keyboards have the exact same permissions. The code is hidden though and noone can audit it.

Well then you'll need a good mattress to store your money because in the future, all banks would be doing it.

[–] henfredemars@infosec.pub 47 points 5 days ago* (last edited 5 days ago) (2 children)

I'm not sure about this app especially, but I hate that my bank personally has so many restrictions on the app usage but I can also just use a web browser on God knows what with who knows what extensions installed and they're all like sure, come on in!

[–] redshift@lemmy.ml 19 points 4 days ago

They likely won't allow that forever. If Google has its way with the web, trusted browser environments will be a thing, and banks will only accept those.

[–] darklamer@lemmy.dbzer0.com 28 points 5 days ago (1 children)

Considering that HSBC is remarkably evil, even compared to other major international banking corporations, this might be a good nudge to stop doing business with them.

[–] Mr_Dr_Oink@lemmy.world 5 points 4 days ago

You would have to be extremely evil to be a far comparison to any other bank.

Thats impressive.

[–] 3dogsinatrenchcoat@slrpnk.net 22 points 5 days ago (3 children)

They do a similar thing if you have an accessibility service running that can access the screens content

Well fuck disabled people I guess?

[–] mcherm@lemmy.world 10 points 4 days ago* (last edited 4 days ago)

Actually, banks are a heavily regulated industry and they have to comply with strict non-discrimination requirements including making all reasonable accommodations for people with disabilities.

If you know someone who uses a screen reader and is therefore unable to use HSBC's app, encourage them to file a complaint with the appropriate regulator (in the US, try https://www.consumerfinance.gov/complaint/ ).

Banks are very attentive about listening to their regulators.

(Of course, it's possible that what HSBC did still works with commonly used screen readers for the blind because they actually thought of this.)

[–] HereIAm@lemmy.world 2 points 4 days ago

Yeah it is bad. Maybe it's the case again that the default screen reader is allowed but third party ones aren't?

Okay, I just tested turning on the built in screen reader and it launched just fine 😑

[–] sunzu2@thebrainbin.org -1 points 5 days ago

It is for their own good... Daddy said so.

[–] xep@fedia.io 21 points 5 days ago (1 children)

I understand the reason for this, but if this is what they've decided to do they should also provide a trusted HSBC keyboard that can only be used with their banking application.

[–] andrew_bidlaw@sh.itjust.works 5 points 4 days ago* (last edited 4 days ago) (2 children)

Can apps has their own keyboard and never call the system one? Installing their kb as another app and as a system one at that would be 200% more infuriating. Now THEY can log your keys elsewhere.

[–] projectmoon@lemm.ee 15 points 4 days ago

They can build a keyboard into it, sure. It's just UI elements and a bunch of buttons. Won't be a good keyboard, but it can be done.

[–] HereIAm@lemmy.world 8 points 4 days ago

It's possible. First example I can think of is NYT's games app uses their own keyboard. It's clunky, but if someone is concerned (or data hungry) enough for the users security they certainly could.

[–] M137@lemmy.world -4 points 5 days ago (1 children)

HSBC - High school before Christ

[–] SplashJackson@lemmy.ca -3 points 5 days ago (1 children)

HSBC - Hot Sexy Babes Caressing

[–] Fuzzy_Red_Panda@lemm.ee 3 points 4 days ago

Hugely Shitty Banking Corporation