jackuars

Level 24
Verified
1. Usually I don't advise installing an antivirus on an Android smartphone, however if it's being used for banking, it's better to use one. For free you can't get any better than Sophos Intercept X with its well distributed protection modules and being fully free and ad-free. A great paid alternative is Bitdefender Mobile Security.

Sophos Intercept X includes modules like Malware protection, Web filtering, Link checker, App protection, Wi-Fi Security, Privacy Advisor, Security Advisor, Secure QR code scanner, Password safe, Authenticator and Mobile Threat Defense.

2. Use mobile data instead of Wi-Fi when connecting to banking apps.

3. Enable device location & install an anti-theft application to remotely delete information if the device gets stolen

4. Use features available above: Applocker, Multi-factor authentication, Permissions checker

5. Use a strong passcode for unlocking your phone, disable face detection (less secure)

6. Better not to use a rooted device, uninstall any untrusted modded APKs.

7. Check if the banking app is automatically logging you off when not active, use the SMS authorization option

Freki123

Level 8
Verified
The last time I read about it, online banking on the same phone where the SMS or confirmation code will be sent to was a pretty bad idea. After that I never looked into it again :D So I would end up with 2 phones, like a 3310 just for the SMS auth.

SpiderWeb

Level 3
I think the idea that banking apps are less secure has become a myth. It used to be true back when Android phones did not come with encryption and frequent security updates and permissions were too powerful. The problem is not the app itself but in what environment you are running it. I think it is safe and even more secure to run a banking app on Android 10 and definitely on the latest iOS version than in a desktop browser.

Minimum:
-A modern smartphone from a reputable company (Apple, Google, Samsung, Motorola)
-Latest Android version: Android 10 minimum since it has clipboard access restrictions
-Latest Security patch, latest Play Store system update
-Not rooted, SELinux enabled, Disable Developer Options
-Encrypted phone with a TPM/StrongBox
-Use on a reliable mobile carrier and only use LTE/5G since it's encrypted phone -> tower. Never use Wi-Fi.
-Use a reputable VPN if you use any at all with reliable endpoints in free democratic countries with good laws!
-Auto updates for apps always on
-No device admin apps
-Double check apps that have Accessibility permission. It should only be your password manager
-Look up if your banking app has a good reputation for security.

pablozi

Level 25
Verified
Trusted
How to make sure Android is safe & secure before installing Banking Apps?

Questions;
What checks should be made?
Which apps should be avoided?
What about a factory reset?
Don't get too paranoid.
Simply avoid apps from unknown sources, do not root your device and don't use the banking app on public hotspots - connect to your bank only using your service provider's network.

security123

Level 26
Verified
What checks should be made?
Update Android and apps to the latest version
Reboot the phone to "reset" all higher-level based attacks
Check if the phone's bootloader is still locked and ROOT isn't available

Which apps should be avoided?
All that aren't really needed. Most apps can easily be replaced with websites / website apps called Progressive Web Apps (UWP)
Especially avoid all "security" and VPN apps

What about a factory reset?
Always a good idea if the system gets "corrupt" with unwanted apps. I wrote corrupt in quotes because normal apps can't do damage to the smartphone system.

Also, an own Android user profile can be used, which is isolated from other profiles. (Don't use apps like Shelter! This is a native Android feature.)
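As an added example (not from any post in this thread), a small POSIX shell check that reads a saved `adb shell getprop` dump and flags the states security123 lists: an unlocked bootloader, a debug or non-user build, and a verified-boot state other than green. The property names are standard Android ones; the two getprop excerpts are constructed, not captured from a real device.

```shell
#!/bin/sh
# Added example: inspect a saved `adb shell getprop` dump for the pre-banking
# checks discussed in the thread. Property names are standard Android ones;
# the sample dumps further down are constructed.

# Extract one property value from getprop-style output "[key]: [value]".
prop() {  # $1 = file with getprop output, $2 = property name
  sed -n "s/^\[$2\]: \[\(.*\)\]$/\1/p" "$1"
}

# Returns 0 when the dump looks like a locked, user-build, green-boot device,
# 1 otherwise; prints each failed check so the user knows what to fix.
check_device() {
  f="$1"; fail=0
  [ "$(prop "$f" ro.boot.flash.locked)" = "1" ]          || { echo "bootloader unlocked"; fail=1; }
  [ "$(prop "$f" ro.boot.verifiedbootstate)" = "green" ] || { echo "verified boot not green"; fail=1; }
  [ "$(prop "$f" ro.boot.veritymode)" = "enforcing" ]    || { echo "dm-verity not enforcing"; fail=1; }
  [ "$(prop "$f" ro.debuggable)" = "0" ]                 || { echo "debuggable build"; fail=1; }
  [ "$(prop "$f" ro.build.type)" = "user" ]              || { echo "not a user build"; fail=1; }
  return $fail
}

# Constructed getprop excerpts: a healthy device and an unlocked, userdebug one.
write_sample_good() { cat > "$1" <<'EOF'
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[ro.debuggable]: [0]
[ro.build.type]: [user]
EOF
}
write_sample_bad() { cat > "$1" <<'EOF'
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]
[ro.debuggable]: [1]
[ro.build.type]: [userdebug]
EOF
}

# Real usage: adb shell getprop > props.txt && check_device props.txt
```

On a real device, a locked bootloader and green verified-boot state do not prove the absence of root, but any failed line here is a reason not to install the banking app yet.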

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
From my bank (ABN AMRO):
What you can do to stay safe when banking online
  1. Keep your security codes secret
    We will never ask you for your security codes, either by phone, via e-mail, text message, WhatsApp or social media. Nor will we ask you to transfer money, or to log in directly to the ABN AMRO app via a link.
  2. Make your phone more secure
    Use the screen lock so that only you can unlock your phone using a code, pattern, Face ID or your fingerprint. Anti-theft protection will keep your data safe should you ever lose your phone.
  3. Check your device registrations on a regular basis
    Go to 'Settings > App > Device Registrations'.
  4. Use your own provider's 4G network
    WiFi networks without a password or with a password that anyone can use are not secure. You should therefore always use your mobile provider's 4G network.
  5. Update the ABN AMRO app regularly
    Always install updates for the ABN AMRO app and your device software (iOS or Android) as soon as you receive them. Or allow automatic installation of updates. That way you can be sure your device has the latest security patches.
  6. Only install apps from an official or reliable publisher
    Do not use apps made available through channels other than official app stores. Be careful if an app is asking for greater rights of access.
  7. Our efforts to keep your banking activities secure
    • When you install the app, we will ask you to register your device. This will allow us to identify you by the device you are using to do your banking as well as by your identification code or fingerprint.
    • Before doing your banking in the app, we ask you to log in using your identification code, your fingerprint or Face ID. This way, anyone else who gets their hands on your device will not be able to access your account.
    • All data exchanged between the ABN AMRO app and ABN AMRO is encrypted and uses a secure connection.
    • If you do not use the ABN AMRO app for 5 minutes, you will automatically be logged out.

SpiderWeb

Level 3
Worst idea ever.
Avoid logging to your bank account using any, doesn't matter how reputable, VPN's.
I mean it depends. It's not black or white. You realize when you are not connected to a VPN your connection has to hop through several points and relays too that all log your traffic as well and could have foreign adversaries spying on you. ISPs/mobile carriers log data, and even sell that data. Not everyone lives in a country with Swiss/EU privacy laws and not every VPN is shady. If your banking app uses encrypted connections, your VPN won't be able to decrypt them either. It just makes sure nobody knows where this connection came from and where it's going to. If your banking app isn't using encryption, then your banking app is the real problem. Yes, there are shady VPNs, but that's why I said "if you use any at all". I think using a good paid VPN on a public Wi-Fi is still much, much better than just using public Wi-Fi, and LTE/5G towers only encrypt between the phone and the tower, and there is no transparency on whether that traffic is encrypted past that point or if that cell tower is even legitimate.

I think most people who use VPN are paranoid enough to double and triple check their entry and exit nodes and check forums if their VPN can be trusted, most certainly everyone who reads Malwaretips so I'm not worried about anyone here using a VPN because I know you guys are smart enough to trust your traffic to something reputable. :D

Telos

Level 20
Verified
Content Creator
Avoid logging to your bank account using any, doesn't matter how reputable, VPN's.
+1 ... I attempted this many years ago and was immediately locked out from my account. It had nothing to do with the VPN provider, but an unexpected remote IP that triggered the freeze. It took "forever" to reach the department in charge who would work with me to clear the "intrusion".

I got so paranoid, I won't even check my Gmail account over a VPN.

SpiderWeb

Level 3
About antiviruses, please take it from Google's own security team:

And many others you guys trust daily with security

Antiviruses are data mining companies. The same people here who recommend AVs that use SSL certificates to intercept and decrypt your encrypted banking connections, read your passwords and submit your files across the Internet without permission are the same people who demonize VPNs....

security123

Level 26
Verified
3. Enable device location & install anti-theft application to remotely delete information if device gets stolen
Stock Android (with GApps) already provides both natively. (iPhones are much better)

4. Use features available above: Applocker, Multi-factor authentication, Permissions checker
(Normal) permissions don't matter as apps are isolated in Android, so they can't access other apps / app data.

5. Use strong passcode for unlocking your phone, disable face detection (less secure)
Biometrics are mostly used as 2FA. And they're also more secure than a simple PIN/password and also protect against "shoulder surfing"/cameras. Secure phones securely store these data in extra hardware like the Titan M chip (in Google Pixel) or Secure Enclave (in iPhone) and can't be hacked by a standalone guy. Other phones aren't recommended for these sensitive data.

7. Check if the banking app is automatically logging you off when not active, use SMS authorization option
SMS isn't encrypted, so it's highly insecure and should be avoided, at least for important stuff like banking and 2FA.