If this is similar to LineageOS, then it's always potentially only a matter of time until some banking and payment apps stop working due to failing security attestation pushed by a Google update.
We need native apps that pass attestation out of the box for that phone/OS, not relying on hacks that may or may not work in the future.
This is not good UX and it poisons the well if you push users to a new platform and then they discover some apps don't work as you promised.
Because FIDO2 is not enough for non-tech-savvy people.
The main issue is potential confusion about what transaction they’re actually signing. For example, a malicious browser extension can pretend the site sends money to X while actually sending it to Y.
The European PSD2 directive mandates that the 2FA scheme must let the user see what they’re about to sign. At the very least, that includes the amount and part of the recipient’s IBAN. FIDO2 doesn’t have that.
It’s the reason I own a device that looks like this [0]. Without it, I wouldn’t be able to transfer money at all due to the lack of banking apps that work on Linux phones.
In this case, wouldn't FIDO2 only be used to log into the bank's website, not to sign individual transactions? (Corresponding to Mode2 in the Wikipedia article you provided?) Would this "mode2" only usage be allowed under European law, given that there is no transaction involving an amount of money taking place?
Banks used to give us those RSA tokens in the past for securely logging in to the web UI, but then discovered they can cut down on cost since everyone has two brands of smartphones.
No doubt. At least with FIDO2, people can provide their own hardware key, and get real security rather than a rolling number generated by a compromised algorithm [1].
Man, around 20 years ago, when I was a teenager, I used to noodle around AGS. I think I made a couple of "games", but never released them or anything. Glad to see it's still around!
I've been dabbling with local ML projects, and trying to get them to run with ROCm on my Radeon 7900 XTX card. All the solutions to run for example Llama.cpp or Automatic1111 are a bit hacky, so I made a repo where I document how to run them in containers.
My experience was getting the "you have 24 hours to respond" e-mail, and contacting them within 20 minutes, only to be passed around a phone system to be finally told, sorry everything has been deleted.
They offered to "recover" the account, which was basically just an account shell with my info. All of the assets and backups had been permanently erased.
I always wonder how people manage. If you have a note for project X, concerning person Y, dealing with topic Z, and needing more work, in which folder do you put it?
https://forum.sailfishos.org/t/banking-apps-on-sailfish-os/1...