
Using a banking (TAN generator) app on LineageOS?

lineageos
banking

#1

Hello together,

my bank is pushing me away from my easy to use ITAN to a more fancy TAN principle.
I assume I’m not the first person facing the issue and wonder if somebody already put some time and effort into this lately.

So from my understanding the TAN-app has the following requirements: no root, no jailbreak, no beta version of the OS.
Is this achievable with LineageOS?
In general I found this nice thread about installing any App for Open OS. Is this in principle applicable for LineageOS as well?

In detail my phone currently runs LineageOS without any other fancy thing (root, Gapps, …). I use the f-droid store and have the yalp store installed but no apps installed via this one at the moment.

So:

  • Will it be possible to use the TAN-app without Open Gapps? (I guess the app uses at least the messaging framework from Google.)
    • Would as an alternative microG do the job?
    • Can I add microG at this later stage to lineageOS? (I think I somewhere read that this is not possible or maybe not possible for Open Gapps?)

Thanks for any detailed sharing of experience.

PS: I am aware of alternatively using a dedicated TAN Generator device.


#2

If it uses a SafetyNet check, no (well, see next point)

Maybe but you will either have to try it or find someone else who has already tried it with microG.

See https://lineage.microg.org

Worst case you can install Magisk and hide that your phone is rooted. But it might also work with root just deactivated in the Settings (if you’ve even flashed the su/root addon) and GApps.


#3

The comdirect photoTAN app runs on LLOS+root, maybe the TAN generator also, as it only converts light signals to readable text. But this is a shot in the dark. Did you try installing it?


#4

I’m not aware that my bank (DKB) offers a photo-tan App. As I understand it, they send a push message to your phone when you are doing a transaction which then displays the TAN which you can enter. And they proudly advertise that if you install the banking app, too, it will be even more comfortable for you. 2-factor authentication with one device. Great. But ITAN is “insecure”.


#5

I tried to install the DKB app on a rooted lineageOS with GApps. Didn’t work. Also not with Magisk and hide root addon. I never had a non-rooted version from lineageOS to test it.
But it is very easy to try: Install the App. If you get an error message directly after the start, it won’t work, else it will. You don’t need to register your smartphone at DKB to test it out.


#6

DKB tan app doesn’t work on LOS with root. They declare your phone insecure (also, they don’t like screen reader apps, so visually impaired? No dkb tan app, and no dkb verified by Visa)


#7

DKB offers SMS-TAN for “Verified by Visa” (0.07 € per SMS) which I use.

DKB did not turn off my iTAN yet. If this occurs, I always have to use the inconvenient chipTAN method which I already have.

The reason why I don’t use those TAN apps is that I find them insecure. Smartphones are complex systems in which security holes are constantly found. Also, I don’t want to fill my app list with many apps which I only use rarely.


#8

I’m using chipTAN now, as my wife already had the reader. And yes, I don’t need everything on my mobile, too :wink:
Also, I switched to SMS for Verified by Visa. Not that often that I need that, so 7c are not that big a bite in my budget.


#9

I just did some reading, they have a second option with a “secure code”. It sounds really promisingly safe, especially step 3 in the howto (German):

So, if I understand correctly, you have to click on a link during the payment process, which (from a malicious web shop) could go anywhere and look like anything. And they call that secure. :slight_smile:

Interesting. I have 9 logins left to the online banking before I have to switch. There is a start page when logging in with a counter and two buttons “Ich möchte später wechseln” or “Später wechseln”. Feels like a modern dystopia.

General question, which chipTAN device are you using? For most of them you always find a bunch of people complaining about the short lifetime of these devices.

And btw. thx for the input so far @all


#10

I know ReinerSCT and Kobil chipTAN generators.

The Kobil is larger, with larger keys, which I guess many people would like.

I like the ReinerSCT a bit more, because it is more robust in accepting the optical data transfer sequence.
If this self-repeating sequence isn’t given in a steady enough speed (and that can happen in any browser from time to time), the Kobil will abort and wait for the next start of the sequence to start the data transfer again, while the ReinerSCT takes speed variations as they come and just waits for the next step in the sequence to happily continue.

In practice though, that’s a minor difference. In general both devices just work like intended for me, and there’s always a button for decreasing the speed of the sequence to a fail-safe level, and if all else fails, you can enter the data manually to proceed to getting the TAN.

I have no complaints about the longevity of both of them, none of the ones I know ever broke. I’m using Varta batteries, and my generators run for years on one set with let’s say weekly use.


#11

At my parents’, I use their Kobil reader. At my own home and at work, I use two ReinerSCT readers from Mediamarkt. (I do not take them with me, but you could, because the ReinerSCT is as small as my pocket radio which fits in my pocket.)

The Kobil device is a few years old, so I cannot complain about a short life time. The ReinerSCT ones were used only 1-2 times yet, so I cannot say anything about lifetime. Of course, you have to exchange the battery after some years, but FP2 users should be familiar with that.


#12

Yes. But at my last payment there was nothing like that (ignoring the fact of clicking a random link for your banking actions… Haha. But no support for a rooted mobile, or screen reader)


#13

FWIW, Rabobank and Bunq work on a rooted LineageOS with microG, including online and offline 2FA (TAN).


#14

I use the FP2 with non-rooted LOS. For me, the TAN2GO app does work, and the banking app also works (not using it, because yeah, 2FA on the same device is kinda crap), with the exception of the VISA verification thingy. That one complains about non-existent root…


#15

Thanks for the info. You obtained the apps via the Yalp store? Do you have the GApps installed?

In general, I had a nice chat with somebody from the second level support. He sounded like he knew what he was doing and agreed with most of my criticism but in the end had to say what the company wants him to say.