• some_kind_of_guy@lemmy.world
    18 hours ago

    One of my banking apps (Citi) didn’t even work in stock Android on a Pixel. It thinks I’m rooted lol.

    Everything works well enough in the browser though. Nowadays I just do all that stuff on a desktop PC. Not everything needs to be an app or even done on a phone.

    The desktop versions of bank websites have everything I need, whereas mobile versions can skip out on certain features. Plus, these apps tend to hoard perms for “security” reasons, or so they say.

    If you have a strong password and legit MFA (like TOTP or a physical key), use a trusted device/browser that’s good enough. There shouldn’t be a need to grab my location or nearby devices.

    Bonus points if the bank lets you review login sessions and deauth devices, flags things like impossible travel, etc.

    Credit unions tend to do better. DCU is one example. They excel at security, don’t do any silliness with perms in their app, let you review logins and devices, and have a strong MFA implementation. The big private national players just want to sell you to data brokers to pad their margins while you pay ridiculous interest rates on their crappy products and get nothing in return.

    • eleitl@lemmy.zip
      17 hours ago

      I use the browser with a hardware TAN generator, though my bank’s app works fine on GOS.