and with that you need a smartphone, with a google-approved operating system and with it half of the factory bloatware, or otherwise you are barred from paying online, right? that sounds such a good idea.
I said nothing about the OS on the phone, why would you assume that I like Android?
that’s not what I assumed. I assume that this app would only support the 2 most popular mobile platforms, and that on android, as is tradition with payment related apps, it would refuse to work when it detects that your phone’s software has been changed in any significant way.
if Swish and BankID could run on an open mobile plattform, I’d be happy with that.
current trend is to make these apps OWASP compliant, which dictates that all apps should at least be an undecipherable, obfuscated black box, and better even make use of the OS’s integrity checking system, like play integrity on android.
My point it to separate the main computer from the payment system while still being convenient.
I am a bit confused as how you missed that…
I did not miss that. I was commenting on this, why it would be harmful in today’s world.
and with that you need a smartphone, with a google-approved operating system and with it half of the factory bloatware, or otherwise you are barred from paying online, right? that sounds such a good idea.
no.
I said nothing about the OS on the phone, why would you assume that I like Android?
I am an iPhone user, but that is beside the point, if Swish and BankID could run on an open mobile plattform, I’d be happy with that.
My point it to separate the main computer from the payment system while still being convenient.
I am a bit confused as how you missed that…
that’s not what I assumed. I assume that this app would only support the 2 most popular mobile platforms, and that on android, as is tradition with payment related apps, it would refuse to work when it detects that your phone’s software has been changed in any significant way.
current trend is to make these apps OWASP compliant, which dictates that all apps should at least be an undecipherable, obfuscated black box, and better even make use of the OS’s integrity checking system, like play integrity on android.
I did not miss that. I was commenting on this, why it would be harmful in today’s world.