HN2new | past | comments | ask | show | jobs | submitlogin

A rooted phone is more capable of modifying the banking app itself and has 'freer reign' over the APIs that the app uses to interact with the bank.

Whereas previously the app displays a 'whitelisted' set of UI options to the user, the rooted user could use employee only methods. Somewhere or other every bank has methods that set balances on accounts.

To be honest a law like this makes security by the extremely modest obscurity of not having an "increase your balance" button on the app UI much more tempting.



It's never about security or end user protection. It's to give banks a blanket refusal of responsibility.


This should be enforced by the backend, why should you ever trust the client to tell you what access you have?


> the rooted user could use employee only methods. Somewhere or other every bank has methods that set balances on accounts.

Exposing these types of APIs in any way outside the bank ever would be gross negligence.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: