Terence Eden’s Blog

2024-12-29
What's the best way to protect banking apps on Android?
https://shkspr.mobi/blog/2024/12/whats-the-best-way-to-protect-banking-apps-on-android/

Lots of people use banking apps on their Android phones[0]. They're a convenient way to check your balance, transfer money to people, and get alerts about fraudulent transactions. But, like anything related to money, they can be abused.

Nowadays, thieves are not only snatching phones, but forcing their owners to transfer money to the thieves. This is not an isolated incident[1]. How can you protect yourself from such a situation[2]?

Broadly speaking, there are four ways to protect your sensitive apps: relying on the regular lockscreen, hiding the apps, using a Private Space, or placing the apps in a different profile. Let's look at the advantages and disadvantages of each approach.

Regular Lockscreen

Android's lockscreen controls are pretty good - if you turn them on. Perhaps you have a super-long and complicated password. Maybe a 10 digit PIN that only you know. Biometrics like facial recognition and fingerprints are reasonably strong and fairly convenient.

But that relies on your phone being locked when it is snatched. If you're using your phone when it is taken from you, the lockscreen might detect it and lock automatically, but you need a modern device and to have specifically enabled the setting. If a thief has shoulder-surfed your 4 digit PIN, that will be enough to let them into your phone.

But here we are concerned with someone threatening you. Basically, if someone has a knife pointed at you, you're probably going to unlock the phone for them[3].

So, let's assume we want to protect our banking apps from someone who has access to your unlocked device.

Launcher Hiding

Some Android phones let you hide apps. When an attacker is scrolling through the list of installed apps, they won't be able to see any apps which are hidden. This, I think, is a reasonable way to hide your banking apps.

You can show the thug that there aren't any installed. That may or may not be enough to mollify them. They might still nick your device, but you won't be forced to transfer your savings elsewhere.

This, of course, presents a problem for the regular user. How do you launch your apps if you can't find them? Most launchers will let you type in the name of the app to find it - the app is merely hidden from the default list. So an attacker would have to try typing "HSBC" or "Barclays" or "Chase" or a dozen different names until they find your app. Will they be angry if you've lied to them? Is that a risk you want to take?

Some launchers will let you change the name and icon of your sensitive apps. You can rename "Midland Bank" to "Calculator" and change its icon. Not every launcher supports this sort of hiding though. It also places a cognitive load on you: you need to remember what you've disguised your apps as. Will you remember that Bank 1 is Calendar and Bank 2 is Bumble?

Private Space

Android 15 has introduced the concept of a Private Space. It is like a digital lock-box for your apps. If someone has your unlocked phone, they need to pass through authentication in order to use apps which are locked.

There are two main drawbacks with this approach.

Firstly, locked apps don't run in the background. That means you won't get alerts from them. If you rely on push notifications to tell you if someone is using your card fraudulently, this could be a problem.

Secondly, the Private Space shows up at the bottom of your app list like this:

[Video: https://shkspr.mobi/blog/wp-content/uploads/2024/12/private-space.mp4]

So an attacker can easily see it and demand that you open it up. You can set the Private Space to be hidden. But then you're in the same position as above - typing in "private space" will show it in your launcher.

Work Profile

Android has the concept of "Work Profiles". They're designed to segregate your work apps and your personal apps. Your work admin can wipe your work profile without touching your personal stuff, and you can't copy confidential emails to your personal area. Nifty!

If you don't have work apps on your phone, you can use an app like Shelter to make your own Work Profile. You can stick your banking apps in the Work Profile and have them locked away from prying eyes.

The Work Profile button is more subtle than the Private Space.

[Image: Work Profile in the quick settings bar.]

But it still has the disadvantage that, once locked, the apps are suspended and won't receive any alerts.

Secondary Profile

Finally, modern versions of Android support multiple profiles. They're generally designed so that multiple people can use your device - but there's nothing stopping you from putting your banking apps in there.

The immediate advantages of multi-user profiles are:

- The profile can be protected by a separate password.
- The profile switcher is generally more subtle than the Work Profile switcher or Private Space toggle.
- Apps can run in the background while in a separate profile.

The disadvantage is that, because it is a completely separate profile, you'll need to sign in again using your Google account in order to install apps from the Play store. If you use a password manager and MFA app, you may need to install them in both your main and secondary profile. Because the apps can run in the background, there may be some (minor) impact on battery life - you're effectively running Google's Notifications Service twice. If you are being held at knifepoint and a notification from your bank comes through - you may find it socially awkward to explain.

Which is right for me?

It is complicated. I think I can distil it down to the following:

- If you need alerts from your banking apps - put them in a secondary profile. There are some reports of banking apps not working in secondary profiles - if yours don't work in a profile then hiding apps is your best defence.
- If you're not using Work Mode and don't need alerts - put them in Work Mode.
- If you're using Work Mode and don't need alerts - put them in a Private Space and set the space to be hidden.

Remember, you can't fling technical solutions at social problems and expect them to solve everything. In general, crime in England and Wales is at its lowest level but certain crimes, like phone theft, are on the rise. Despite all the technology thrown at the problem, people are still walking around holding machines worth hundreds of pounds. Each of those machines is a gateway to potentially thousands of pounds. Phones and banking apps are incredibly lucrative targets.

The aim of this exercise isn't to solve the problem of crime. It isn't even to make you a less attractive target. It is to allow you to hand over your phone safe in the knowledge that your banking apps are somewhat protected from miscreants while still being useful to you.

If you have any tips on how to keep banking apps hidden, please leave a comment.

[0] "Not me," you say smugly. "I am far superior to the sheeple. If I want to connect to my bank, I just SSH in to a bespoke firewalled box that runs a disposable Docker image which connects to TOR." You continue, indifferent to the exasperated sighs of the waitress, "Of course, I only use GNU/Linux on my phones, have you heard of it? I don't even trust password managers! I have my own algorithm for generating passwords using dice. I have some nifty D20s if you wanna see them? Sure beats having a CRapp on my phone! If I want to transfer someone money I generate a new seed phrase for my Bitcoin wallet and then… say, do you take crypto here?" The waitress contemplates stabbing you with a fish-knife but, instead, politely replies "If you don't want to leave a tip, sir, that's OK." She makes the mistake of smiling, which you misinterpret as a flirtatious gesture. You torrented a whole bunch of books about social interactions with girls and yet, somehow, failed to understand any of them. You try negging her. That's bound to work. "Of course, you're probably the sort of girl who uses an iPhone or as I call them…" before you can chuckle about normies running iDrones the waitress has turned and walked away. Bitch. Still, at least you don't have any banking apps on your phone. That makes you better than most people.

[1] See also Bank and phone lessons learned after a robbery and I was robbed and forced to transfer money from my banking app.

[2] Here we're mostly concerned with street theft. If you are the target of state-sponsored violence, or the police are searching your phone, then you may have a different threat model. If you think that your snarky posts on your three-subscriber Substack about "lamestream media" and "Micro$oft" make you a target for the CIA, please go outside and run around in the fresh air for a bit.

[3] Yes, I know that your self-defence training is impressive, but handing over your unlocked phone is a lot preferable to getting punctured.

------------------------------

2024-03-13
Notes on installing GrapheneOS on a Pixel 8 Pro - some bugs & oddities
https://shkspr.mobi/blog/2024/03/notes-on-installing-grapheneos-on-a-pixel-8-pro-some-bugs-oddities/

These are notes to myself - and anyone else who finds them useful.

Before starting, I booted the Google OS to install the latest firmware and an eSIM. After a few days of enduring Google's naggy software, I was ready to commit to installing something better.

I tried using the Web Installer. It managed to flash some of the partitions and then failed with:

Failed to execute 'claimInterface' on 'USBDevice'

So I used the CLI instructions which were comprehensive. Worth re-reading them a few times to make sure you understand what needs doing. I (foolishly) assumed my fastboot didn't need updating. Tsk!

And then... it just worked! Well, almost.
The device saw the previously installed eSIM, but wouldn't connect to its network. I manually removed it, reloaded it. Still nothing. So I manually chose the network and that seemed to fix it. No idea if that's a problem with the network, the eSIM, or something else.

Bugs

As soon as I booted, my network provider sent me a text. I opened up the default messaging app and saw this error:

[Image: This app was built for an older version of Android. It might not work properly and doesn't include the latest security and privacy protections. Check for an update or contact the app's developer.]

This is a known problem but it makes for a crappy user experience. There's no way to update the app in Graphene - you need to manually install your preferred SMS app.

In similar UX fails, I tried to add the clock widget to my home screen. This is what I saw.

[Image: Hard to see graphics.]

If you peer carefully, you'll see an analogue and digital clock. I hadn't switched to dark mode or anything like that - this is the default experience.

I wanted to see how long I could go before installing Google Play Services. The answer was... five minutes. I tried to log in to my password manager using a WebAuthN token and it wouldn't work. The default Vanadium browser can't handle them. Again, this is a known problem - but it does slightly undermine the attraction of Graphene. I'm privacy conscious and want as little Google in my life as possible. I'm security conscious and want to use MFA everywhere. Pick one.

Partway through the day, I got this internal error:

[Image: Pop up saying it was unable to fetch a list of apps.]

I was happily browsing the web with no connectivity issues. So I'm not sure what caused that.

It's annoying that Graphene doesn't support LineageOS's bottom-button changes. I have a decade of muscle-memory saying back is on the right. There's no way to change it, so I've swapped to gesture navigation.

The icons on the stock launcher are far too small. On a massive screen like the 8 Pro they are tiny. So I've installed NeoLauncher which is a lot more customisable.

The only other (non-essential) thing missing is the ability to use Cast to screen share a device. There's a button in the UI, but it does nothing.

Setting up a work profile required a little bit of a work-around, but seems to have worked. Hurrah for forum threads detailing the various tricks you need.

A software update allowed DisplayPort via USB-C. I plugged the 8 Pro into my USB-C hub, it detected the ethernet, keyboard, mouse, and display - graphics came through fine. Although there's no way to rotate an external screen - so you're stuck with landscape orientation. My HDMI adapters showed as detected via a little icon - but no video came out.

The Graphene camera's interface isn't as good as GCam and it is missing a bunch of options. Installing the stock Pixel camera worked - and there are lots of hacky derivatives.

Other than that, it has been pretty good so far. My banking apps work, call recording works, 5G and Bluetooth work, eSIM and regular SIM work. There have been a few odd things where apps have complained that they can't work and then suddenly sprang to life - but that might just be Android.

The only big thing Graphene is missing is Google Pay / Wallet. It is so convenient using tap to pay - but getting rid of the rest of the incessant Google bloat is worth the sacrifice.

Overall, I'm happy with the decision to nuke the original Google software. I know they say they'll support the device for 7 years - but I literally have no reason to trust them. Maybe I'm being naïve trusting a group of random hackers to produce a more secure OS - but I'd rather that than further entanglement with an organisation which has repeatedly shown contempt for its customers and users.

------------------------------