It's still based on Android though - so isn't it building on sand?
Isn't it better to focus our efforts on projects unrelated to Android, especially since some viable ones have appeared recently: Librem 5 and especially PinePhone.
Banks in many countries require an Android phone for online banking. Even if they offer an online-banking website that you can access with any browser, you may still need the Android app for 2FA. This is one of a number of reasons why the PinePhone or Librem is unfortunately not a daily driver. Also, things like paying for parking or interacting with public services are moving to Android apps in some places.
I was given a hardware device by my bank to do my online banking. If they want to move to smartphones I expect them to provide me one of those as well.
One of the very reasons banks have been phasing out hardware tokens (and code cards) is because they represent a cost. Of course the bank is going to put the price of the smartphone all on customers.
When you get to the lowest level, technically, the banking apps want to store files on the phone that the user can't access.
This means that something like LineageOS can run banking apps, if the phone tells the banking app what the app wants to hear. It's fiddly but can be done, and in fact it is what I do on my private phone. It also means that a platform that fundamentally gives users the right to read all the files on the phone (i.e. to make a complete backup) will not be supported by banking apps, because such a platform will not let the banks do what they think they need to do.
I think this implies that such platforms can't grow beyond a niche within a niche.
While I can understand Google and the banking apps' actions, it doesn't make much sense given how PCs having root is hardly ever a concern for a bank. If you can do something bad with banking on a rooted device, it's probably doable on a computer too.
Oh, banks are definitely concerned about PCs having root. There are even some banks that have removed their online banking websites entirely (except, perhaps, for corporate clients) and require customers to do everything through the Android app instead.
My bank and my wife's bank both require 2FA. On the app, one of the Fs is having physical access to the device (the phone/app, which was vetted by the bank when the app was installed). On web browsers, these two banks don't offer any factor like that.
In end effect, the banks treat a non-rootable device as suitable as a "something you have" factor, but will not treat a rootable device as that.
In some countries one no longer has that possibility. Not everywhere has a range of banks to choose from, sometimes mergers have resulted in just a handful of banks for a country, all of which enforce use of an Android app.
Oh, it’s fsflover, the poster with the Librem idée fixe. Haven’t noticed you here in a couple of years. Your comment elsewhere here about GrapheneOS not requiring much less effort to daily drive is way off. GrapheneOS runs banking apps and, in countries that legally enforce use of certain apps for ID or payment, those apps, too. Zero hoops to jump through. Meanwhile, a Librem phone (or a PinePhone) will not work.
Of course, in some countries you have a lack of important freedoms, which says a lot about their state of democracy. However, if your country gives you a choice, consider using it in order to not lose it.
It's nice to know that I'm somewhat famous. I never suggested that running banking apps on GNU/Linux phones was as easy as on Android forks (however, reportedly it is possible for some banks). I meant other daily tasks of course.
The country I live in has strong consumer protection laws. Banks deal with it by judging risks: That which is too risky is what they won't offer.
My bank does not offer Western Union transfers, for example, because there's been too much fraud. And does not accept root-platform devices as 2FA "something you have" factors.
Liberty or consumer protection? Your choice, really.
Arguably, typical Android is less secure than a Linux phone, since it constantly calls home, runs a ton of untrusted apps and often has a short software support time.
One of the draws of GrapheneOS is that, since Pixel phones have a relockable bootloader, that Android image will pass SafetyNet. While Google Play Services is typically required by banking apps, on GrapheneOS you can run Play Services in its own sandbox.
They might, but the app for my bank works happily on LineageOS.
Same, e.g., with the app for a local second-hand site, which on startup complains that it needs the Google services... and then runs without issue (only appears to use those Google services to pinpoint the phone's location).
IMHO this is one more reason to put alternatives like LineageOS on a phone: the more users on those, the harder it is for app developers to drop that user group for... well, reasons.
Most reject phones that don't pass SafetyNet. There are ways to pass it with unofficial images/rooted phones, although I'm not sure for how long they will keep working and I think you still need Google Play.
As I said, for many banks, in order to log in to the bank's website on a laptop, you need to receive a 2FA code sent through the bank’s app on an Android phone.
I’ve found that many times when a service says this the system will work with any OTP program. They just don’t tell you specifically. Maybe they don’t know, think it’ll confuse, and/or prefer you didn’t.
Here (in Russia) typically SMS is used as a second factor and you don't need an app. Requiring you to install an app is basically requiring you to buy a modern smartphone only to be able to log in.
It's the regulation that should focus on creating the foundations of alternative systems, not the phone manufacturers. If a bank doesn't have a website, or a govt app doesn't have a website equivalent, then Librem & co is already out of the picture, from the everyday usability standpoint. To provide the citizens freedoms, service providers need to be forced to use open standards, like HTTP & HTML, to serve a standard interface that has all the necessary functionality. No matter how many grassroots initiatives we have, if this is not provided, they are automatically all out of the race.
So really, if anything, I'd like people to focus on regulation.
As an owner of both a Librem 5 and a Pixel 6a running GrapheneOS I can confirm that the latter has been much more reliable and has taken substantially less work to get to the point where I can daily drive it. The Librem 5 is not there yet, and while I would like it if it were I'm not currently very optimistic about that.
In the past year, I have used a PinePhone + keyboard with Arch, a OnePlus 6T with postmarketOS, and a Pixel 7a with GrapheneOS. In my opinion, Graphene is significantly easier to daily drive because the applications are designed for a phone's form factor.
The biggest one is the Firefox ESR build from the pmOS repos with the custom userChrome.css that tries to fit everything onto the PinePhone's screen. I pretty consistently encountered pop-up prompts (for example, in the built-in password manager) that ran off the edge of the screen in both portrait and landscape. Zooming out sometimes helped, but then the text was unreadable and the buttons too small to press. There was also no forward button in either the overflow menu or the nav bar. The Phosh settings app had similar problems.
There are some hiccups when you first set GrapheneOS up, but after that it is as smooth as, and blends in with, any other Android device. I've never used Librem or PinePhone to comment on them.