Banking Apps with SailfishOS

The problem with SailfishOS is that banks distribute their apps exclusively via the Google Play Store. Under SailfishOS you are excluded from some apps, but I have found a solution.
Install Banking Apps etc on SonyXperia2 with SailfishOS – this is easy
You need a 2nd Android smartphone – You install the software “APK Installer by uptodown” from the Play Store. With the program APK Installer you can make a copy of the required apps like Banking APP, … under “Manage Apps”…
Use the file manager to search for “APK” files. Select files and transfer them to the SonyXperia2 mobile phone via “share files” via Bluetooth etc… On the SonyXperia2 mobile phone with SailfishOS, search for “APK” files with the file manager and install by clicking and choosing install. The BelegCheck app for transferring data from a cash register works. The Raiffeisen Banking App with PushTan works under Sailfish OS. It is not possible to find the apps on other app stores. And I do not want to install the Google Play Store on SailfishOS.

1 Like

You can download F-Droid for AD. Then you can download Aurora-Store there. This one accesses the original play store sources and provides all the (free) apps from the play store. So no need to download somewhere.

4 Likes

The actual major problem with Home-banking applications is that some of them require a lock screen mechanism for two-factor security. Currently, Android settings neither allow setting a screen lock nor recognize the SailfishOS screen lock.
As a result of this situation, I need an Android device to authorize Home-banking operations.
This behavior was already reported in Together but, as far as I know, Jolla never made any official statement about this matter.

3 Likes

What should Jolla say? The reasons are the banks that bind themselves to the Google services or the Apple universe. The system is fail.

7 Likes

It seems Hubb5 is right and it concerns not only home-banking apps but also general security apps like Microsoft Authenticator, which is also used by many companies to secure their business accounts. Fortunately the MS Authenticator app is available in the Aptoide store in the same version as in the Google Play Store, but the app doesn’t provide security for business accounts, most likely because Sailfish’s Android support doesn’t provide the APP LOCK feature.

1 Like

I’d recommend everyone to get a cardTAN device. It is more secure and works everywhere with every browser.

3 Likes

I have microG + Microsoft Authenticator on XA2. Installed from Aurora Store. It worked already on Intex AquaFish. I use the Authenticator for a business account as SailOTP can’t generate a valid code for Microsoft 2FA login. The trick was to disable all permissions and use it only “offline”.

1 Like

Can you elaborate on how you got MS Authenticator working?

I’m trying it on an XA2 and I either get a white screen when trying “login with Microsoft” or it grumbles about Google Play Services not running when scanning a QR code. I’ve installed microG but not sure which bits need enabling to make it work.

Thanks!

Just out of curiosity, is there a difference between business and private accounts, since I use SailOTP with my Hotmail 2FA?

1 Like

I am also able to use native foilauth app for 2FA login into my (non-business) Microsoft account.
Very nice app by the way!

In my case (something we’re testing at work) I need to use the “tap to auth” functionality of MS authenticator rather than a generic OTP code.

Just read about it in the MS documentation. Strange idea, they could just skip the step where you choose one of three 2-digit numbers and let you just enter your PIN/fingerprint/whatever on your phone. Security improvement from that must be negligible.

May I confirm what apozaf already pointed out. I work in IT Sec for more than a decade and I would strongly suggest to please not use one (1) internet connected device with an outdated OS for 2 (2!) factor authentication.
Esp. when it is not completely under your control as Android always is.

I am sure you can put that to work with micro-g, some more or less shady sources, Alien Dalvik settings etc.

But is it worth the risk?

My daily driver is my SF. I use an Android for some purposes and an iFone for others. None of these devices is in my eyes fit for security-relevant actions. Simply because they are connected and have an OS that can be compromised. For business use the risk can be calculated, maybe minimized or simply accepted. I do not think you will like that kind of thinking when it comes to your personal banking.

sry for the wot.
just my 2c

3 Likes

It’s easy.

Banking app + TAN app on 1 mobile = no go

Only a few years ago, the banks forbade sending the TAN to the same device and banks were not liable. In 2020, convenience is suddenly more important than safety?! 2FA can be cracked if the transaction is carried out on the same mobile, regardless of what banks say. Android’s security has never been fundamentally improved. Every new version comes with tons of new bugs and only current devices get security updates at all. Aliendalvik on SFOS does not even receive all the necessary regular security patches and works with an outdated version.

If you want to be at least a little sure, then use an independent TAN procedure, named as ChipTAN, Sm@rt-TAN or CardTAN with an external TAN generator. Sure, it’s inconvenient, but better than nothing. If your bank doesn’t offer this, find another one.

4 Likes

To be honest, I didn’t know they support alternatives. Now I found the way to add an alternative authenticator app in aka.ms/mfasetup. Thanks! Now I can get rid of another “must have” Android app. How cool is that!

2 Likes

It wasn’t very obvious on the Microsoft account page that you can use something other than the Authenticator app.

Yep I now ran into this with Google Workspace having Device Management enabled. On account sign-in, it requires a screen lock mechanism to be enabled, and as of Dec 2023, you can’t do it in App Support’s Android Settings - whatever mechanism you choose, simply doesn’t get saved.

I wonder if the Jolla/y team has any ideas on how to at least allow saving the value, maybe that’s enough to fool these check mechanisms?

1 Like

This happens to me with my health insurance as well.
Even if that’s only for 2nd factor auth, the app checks and requires screen lock. It’s a pain that they don’t accept TOTP or other standards, but we cannot rule the world.

My bank has invented even more dumb protection than in

As of now the bank requires a banking app to be able to send an SMS during activation to obtain the activation code, so it is not possible to activate the banking app from Android AppSupport.

I do all my banking on my laptop with a browser. Luckily my bank has given me a free photo TAN device and there is also SMS TAN available (costs 9 cents per sent SMS), so I don’t need a banking app.

2 Likes