pferde 5 days ago

You might want to take a gander at this list: https://privsec.dev/posts/android/banking-applications-compa...

Reply View 11 replies
  • littlecranky67 5 days ago

    Looks like the list includes those apps that require access to Google Play services - which defeats the entire point of the OP wanting the privacy.

    Reply View 10 replies
    • maples37 5 days ago

      GrapheneOS not only provides a sandbox for Google Play (meaning it's just another app with no special privileges, and you can grant/revoke permissions (including network!) as you desire), it also heavily promotes user profiles for further isolation.

      I have a "banking" profile set up with Google Play services installed. 98% of the time I'm using my phone, I'm using the primary Owner profile. All the other profiles are encrypted-at-rest, meaning that until I enter my Banking-profile-specific PIN, the apps and data (including the Google Play Services installed there) are just encrypted files, and unable to do anything at all. (There are provisions for allowing a secondary profile to run in the background, but in this case I have obviously left that disabled.)

      Reply View 7 replies
      • parlortricks 5 days ago

        That sounds great, how much friction does this setup cause you daily? Could you hand your phone to a firend or family easily if they needed it?

        Reply View 1 reply
        • pferde 4 days ago

          Each profile in GrapheneOS is encrypted separately, and switching profiles require entering a PIN (plus additional biometric methods if you set them up for that profile) before the data is decrypted and accessible.

          So yes, you can hand the phone over to a friend or family, and they cannot get to any other user profile. Or you can set up a separate profile just for them, and they will have their own isolated set of apps - something like a separate user account on a desktop PC. And if only they know the PIN for their profile and you don't, they can keep secrets from you on that profile.

          Reply View 0 replies
      • littlecranky67 4 days ago

        Sounds like an awful lot of work vs. just having an iPhone and regularly install your banking app on it, and still not get spied on.

        Reply View 4 replies
    • dns_snek 5 days ago

      GrapheneOS sandboxes Google Play services, it's just a regular app without any special privileges. You can remove all of its permissions.

      Reply View 0 replies