The word “potentially” was critical in the parent’s comment. A banking app cannot be assured that other apps are prevented from accessing its data when the phone is rooted.
So? If I, the customer, want to access my banking info, on my phone, with whatever means I want, I should be able to. As I said, it’s not like every app gets root access, if I, as the owner of the device, explicitly gave root access to something, it’s for a reason.
And the main point that a rooted phone can basically hide itself from any app remains; these “detections” are trivially bypassed in the exact situation they’re supposed to detect.
And if you don’t want to wear a mask on your face during a pandemic, you should be able to? Not everything is about you.
Banks practice defense in depth as other security practitioners do. Not every defense will stop every attack, so a layered, overlapping approach is used.
You really are missing the point that if the device is rooted there is nothing an app can do to protect itself. Defense in depth is layering (sometimes overlapping) solutions that do something. Detecting root and saying “nuh-uh” is not doing anything.
The word “potentially” was critical in the parent’s comment. A banking app cannot be assured that other apps are prevented from accessing its data when the phone is rooted.
So? If I, the customer, want to access my banking info, on my phone, with whatever means I want, I should be able to. As I said, it’s not like every app gets root access, if I, as the owner of the device, explicitly gave root access to something, it’s for a reason.
And the main point that a rooted phone can basically hide itself from any app remains; these “detections” are trivially bypassed in the exact situation they’re supposed to detect.
And if you don’t want to wear a mask on your face during a pandemic, you should be able to? Not everything is about you.
Banks practice defense in depth as other security practitioners do. Not every defense will stop every attack, so a layered, overlapping approach is used.
You really are missing the point that if the device is rooted there is nothing an app can do to protect itself. Defense in depth is layering (sometimes overlapping) solutions that do something. Detecting root and saying “nuh-uh” is not doing anything.