Banking apps on Sailfish OS

JacekJagosz · 15 June 2024 14:50

I don’t want to contribute to the wiki yet, because maybe there is a way to fix it.
I can’t log in into Polish version of ING mobile app on SFOS 4.6, installed using Aurora Store.

It says the app has been installed from unknown source.

This has been an issue in 2022, but there has been a workaround made GitHub - enedil/fix-ingmobile-on-huawei: Spraw, by Moje ING działało na telefonie bez Google Play
It was possible to do this fix on SFOS, not using the script unfortunately but at least manually. Later ING has quietly rolled back this check, and it simply worked installing from Aurora store.

I haven’t used ING on SFOS for a few months and when I wanted to go back the issue is back, but that fix no longer works. Installing the app using Android’s pm install-create -S 122567816 -i com.android.vending returns Java error when I try to do it.

Exception occurred while executing 'install-commit':
java.lang.NumberFormatException: s == null
        at java.lang.Integer.parseInt(Integer.java:577)
        at java.lang.Integer.parseInt(Integer.java:650)
        at com.android.server.pm.PackageManagerShellCommand.runInstallCommit(PackageManagerShellCommand.java:1397)
        at com.android.server.pm.PackageManagerShellCommand.onCommand(PackageManagerShellCommand.java:193)
        at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98)
        at android.os.ShellCommand.exec(ShellCommand.java:44)
        at com.android.server.pm.PackageManagerService.onShellCommand(PackageManagerService.java:21766)
        at android.os.Binder.shellCommand(Binder.java:929)
        at android.os.Binder.onTransact(Binder.java:813)
        at android.content.pm.IPackageManager$Stub.onTransact(IPackageManager.java:4603)
        at com.android.server.pm.PackageManagerService.onTransact(PackageManagerService.java:4307)
        at android.os.Binder.execTransactInternal(Binder.java:1159)
        at android.os.Binder.execTransact(Binder.java:1123)

Does anyone know what changes to com.android.vending have been made in newest SFOS release?
Or has anyone found other way to workaround app detecting not being installed through Play Store?

eson · 15 June 2024 15:42

This shit is making me more and more furious. This is what our governments (or EU/UN) should have solved many years ago.

Why are we even letting the banks fuck us like this? It should be the easiest thing in the world to force them to make all their apps, sites and everything in between, platform independent.

Damn, demand from your politicians that they fix this!
And not in 20 years… NOW!

NIS · 15 June 2024 21:41

Do you mean Aurora Store does NOT work?

crun · 15 June 2024 23:34

If you are in the EU (I’m not), they have given you the DMA. Google is a gatekeeper, and some API’s are anti competitive, like this. Join St Max doing God’s work.

Also think of Article 11 of the ECHR which protects “freedom of association”
An unconsidered aspect of that is that in the tech era you are being compelled to associate with both foreign corporations, and the govt’s whose security laws they must obey. The ECHR probably only bears on the State compelling you, not private actors. It might however be used e.g. to stop a govt dept from exclusively distributing it’s apps on Play store and IoS only.
I am currently using this argument to stop my (state funded) university forcing me to agree to a contract with the Turnitin anti-cheating service as a condition of submitting assignments.

JacekJagosz · 16 June 2024 00:30

Yes, the app detects it hasn’t been installed by the Google Play Store, and prevents me from logging in.

kan_ibal · 16 June 2024 03:51

It still works. You can set ‘Installation method’ as ‘AM installer’ in AuroraStore and use App Manager from F-Droid. In App Manager->Settings->Installer>Installer App->com.android.vending

meegouser · 16 June 2024 05:48

Is the fix supposed to be just what you’ve described there, or is there further, app-specific tweakage needed as well? I tried it with the app “Hanseatic Bank Secure” (as mentioned in the Wiki above by me), with “MicroG Companion/com.android.vending” acting as installer app with App Manager, however it still complains about the “App download being untrustworthy”, just as it did before via Aurora Store’s session install method.

kan_ibal · 16 June 2024 06:08

No additional app tweaking is required. Setting com.android.vending in AppManager is the same as choosing Native Installer(now marked as deprecated) in Aurora Store.
It looks like your banking app uses additional methods of “trustworthiness” checking :).

meegouser · 16 June 2024 06:17

You speak of “com.android.vending”, however on my end it is (being the sole “com.android.vending” entry in App Manager’s list) labelled with “MicroG Companion” on top. Is having MicroG installed already a given pre-requisite anyway in your step-by-step instructions, or could that be another source for issues?

kan_ibal · 16 June 2024 07:08

“com.android.vending” is a string that “Google Play Store” sets during install process and some banking apps are checking this string to confirm that is installed from Play Store. App Manager shows MicroG because MicroG has registered this string in AAS.
Regarding banking app and its requirements MicroG itself is another issue.

meegouser · 16 June 2024 07:23

Alright, thanks for elaborating.

NIS · 16 June 2024 10:09

I wasn’t referring to your post, but to the one from @Pasci
Sorry for that misunderstanding

Pasci · 16 June 2024 14:32

Yeah, its the same like the discussion of the ingdiba app above. The app is checking the installation source.

NIS · 16 June 2024 17:01

That’s unfortunate. Maybe the installation method via the App Manager mentioned above can help with this.

It is really good to have all this information here, so you can check a benk before switching to it

JacekJagosz · 16 June 2024 22:13

You are correct, this fix did work for me!
So I can confirm polish ING app works on SFOS after jumping through some hoops.

hildon · 17 August 2024 02:10

We should lobby to EU to mandate some banking app standards. Right now, banking apps effectively enforce a mobile duopoly: App Store and Google Play. They will never bother with anything else, so other platforms will remain niche.

One realistic solution could be to force them to make most functionality available to a web browser, plus perhaps some browser containerization for the sake of security.

ExTechOp · 30 September 2024 11:18

Currently on Sony Xperia 10III and SFOS Sauna 4.6.0.15 (and MicroG 0.2.27.223616), I am unable to use Danske Bank Mobiilipankki. It informs me that it can only be used on one device at a time, and the device binding must be renewed. Then it fails at logging in: after I’ve entered my account and password, it never asks for the 2nd authentication factor, but immediately returns back to the single device popup. Suggestions?

ExTechOp · 30 September 2024 11:42

And just after writing this, I was able to solve the problem: uninstall the whole application and then reinstall. At that point I was presented with the choice of which kind of 2nd factor authentication I want to use, and using the code generator dongle it went through.

meegouser · 1 October 2024 01:27

Is there an intentional reason why you are using an old MicroG version from January 2023? The most recent one is 0.3.3.240913 (albeit with a small regression, that may or may not affect you, which will be fixed soon in a new release): Releases · microg/GmsCore · GitHub (the two relevant packages for our purposes are always com.android.vending-(numbers).apk and com.google.android.gms-(numbers).apk).

ExTechOp · 1 October 2024 13:31

That was what I installed to make Mobilepay work, and no updates from this version have been offered by F-Droid. Should it have done this automatically?