All the banks I have an account with here in India require SMS permission to use their apps, along with . The last straw was HDFC with their latest app revamp.
LOL in the name of security, HDFC is trying to move their OTP verification to be almost entirely app-only, (not open-source TOTP which can be generated by authenticator/any other auth app; you can only use HDFC's app for that even if you want to log in via desktop).
I think that’s pretty common worldwide. In Australia I’ve never encountered a bank or government service that allows any widely accepted secure 2FA. It’s always SMS or their own app. There used to be physical hardware tokens as well but they are going away.
I don't even care that much if they want to handle the 2FA with their proprietary methods. There are Android APIs that broker the OTP SMS delivery to the app without the app needing full access to the phone's messages.
If they can't do it on iPhone, they don't need to do it on Android.
sometimes_all|3 months ago
Regulators sleeping at the wheel on this one.
left-struck|3 months ago
RajBhai|3 months ago
If they can't do it on iPhone, they don't need to do it on Android.