I know banks are pushing on Google to improve Android security, to avoid malicious apps with root access from messing with banking apps.
How do you know this? Do you have a link to a source that says it?
I’ve tried (not especially hard) to find sources in the past citing actual incidents where end-user devices running non-stock Android or with root access led to bank fraud or data breaches. I didn’t find anything to suggest that’s a problem in the real world.
The main malware problems I have seen reported for Android are:
Malware in the Play Store. This is the only way I’ve seen Android malware in the wild, on a family member’s device.
Zero-click exploits. The best prevention for these is an up-to-date OS. On an older device, that means a third-party build that won’t pass Google’s checks.
Thanks for the (partial) citation. That’s enough for me to believe someone important outside Google actually believes there’s a security concern rather than Google just using it as an excuse to be controlling.
That doesn’t mean I actually accept the concern as legitimate. I’d find a postmortem of a real data breach where that was a factor at least a bit persuasive, and there are enough countries with disclosure laws I’m inclined to think there would be some if it was a problem in reality.
How do you know this? Do you have a link to a source that says it?
I’ve tried (not especially hard) to find sources in the past citing actual incidents where end-user devices running non-stock Android or with root access led to bank fraud or data breaches. I didn’t find anything to suggest that’s a problem in the real world.
The main malware problems I have seen reported for Android are:
From a friend that works at a big bank. I don’t want to dox then so I can’t really say which one.
Thanks for the (partial) citation. That’s enough for me to believe someone important outside Google actually believes there’s a security concern rather than Google just using it as an excuse to be controlling.
That doesn’t mean I actually accept the concern as legitimate. I’d find a postmortem of a real data breach where that was a factor at least a bit persuasive, and there are enough countries with disclosure laws I’m inclined to think there would be some if it was a problem in reality.