Nordea Mobile (danish) claims malicious software running

lbschenkel

These all pertinent questions and I did talk about this briefly, including that it seems to go against the the new Digital Markets Act in EU, however I didn't press on the issue because I was talking to the developers, and not the decision makers who are imposing those requirements on the team. Many of those decisions are done above their pay grade. But they said that the config for this was deliberately put server-side, so if business requirements change then they can tweak the rules more or less instantly without requiring an app update.

To understand decisions like this, we have to understand the mindset of an organization such as a bank. They are not tech companies and don't want to get involved with any of this. IT is a cost. By simply "outsourcing" the vetting of apps to the Play Store, they can say they have done enough due diligence and at the same time block the vast majority of malware. If they allow other things, not only they have more work because they need now to vet apps and/or stores, they open themselves to more potential liability. That is how they think. The incentive is to minimize effort and/or liability to the bank. Any collateral damage is not a factor to them by default.

I'm not defending it, by the way, just saying how I see the incentives playing up to cause these outcomes.

de0u

lbschenkel The incentive is to minimize effort and/or liability to the bank. Any collateral damage is not a factor to them by default.

Of course. But mightn't they face liability (both legal and publicity) by nuking a legitimate accessibility service? Wouldn't a discrimination lawsuit by a disability-rights organization be painful?

By no means am I suggesting you sound like you are threatening to sue them! But if they think "just saying no" to things is safe, and they aren't seeing how that might blow up, maybe helping them think a bit more broadly might be mutually beneficial.

nixodus

Talkback can now be enabled from disabled system apps so it was fixed on Nordea server side indeed. Even though it even wasn't really in use in my question.

Bitwarden client cannot be enabled in accessibility menu :(

lbschenkel

nixodus Not true, I have Bitwarden enabled and the app does not complain — however, I installed Bitwarden from the Play Store. If you didn't, indeed it won't accept it because it only allows accessibility apps from the Store.

nixodus

lbschenkel indeed I don't have google play services installed in the profile which I've got Nordea app installed in and will not install them either so nordea app is from aurora store.

lbschenkel

de0u I did mention all of this for them to think about, including that they could be blocking critical apps needed by disabled people.

But it's a bit much expecting the organization to change course based on a 1-hour conversation with the developers who are not even the product owners. What I can say is that I did express these concerns to them, what happens next is up to them.

de0u

lbschenkel What I can say is that I did express these concerns to them, what happens next is up to them.

It's great that you were able to do that.

MentalM

GrapheneOS Hi, I wanted to go and write to the bank, but I see now, it has been fixed, at least for GOS users. Thanks:
lbschenkel :)

MentalM

lbschenkel I will, after I have received my ´backup´: The Code-Display. I will have a bit more confidence in being able to use MitID, having that device present, if the app will fail.

altair0001

MentalM

Hey. I personally am using MitID Code display
https://www.mitid.dk/en-gb/get-started-with-mitid/mitid-authenticators/mitid-code-display/

Saves me worrying about it being supported.

Graymatter

The app has now stopped working for me again and shows the same screen about malicious software.

fid02

Graymatter That's disconcerting. I don't get the message myself in the Norwegian version of Nordea Mobile. This is with TalkBack enabled as a system app, and with TalkBack enabled as an accessibility service. Which regional version of the app are you using?

fid02

I now tried with the Swedish, Danish and Finnish variants of the app, and I couldn't trigger the warning message. I can't sign into them, as I only have an account with their Norwegian bank, but before they allowlisted TalkBack the message about an accessibility service would show almost immediately after opening the app. Perhaps you have a different accessibility service installed that it's now detecting?

Graymatter

fid02 Well, I disabled and reenabled talkback and now it's working again. Strange.

MentalM

altair0001 yeah, I have ordered the free code display, it should arrive any day, as I hope PostLord will find my address... and when I do have it and have set it up, only then I will migrate MitID to my ´DK user' on the phone where I have chrome as option ...

[deleted]

The latest version of the Finnish version has fixed the issue at least for me.

oranki

Disabling accessibility permission from Bitwarden (F-Droid) is still required for Finnish Nordea Mobile to work.

lbschenkel

oranki Were you expecting something else? What was explained is that the app was coded to explicitly refuse any accessibility app that is not coming from the Play Store. Therefore, it's not a surprise that any app from F-Droid won't pass muster.

« Previous Page Next Page »