Late last year I decided to ditch Google as much as possible; now I just use YouTube and solve the occasional captcha. I installed GrapheneOS with no Gapps or services. There was some growing pain, but you can get by pretty well: some apps will claim to be GSF dependent but run fine without, other apps will pop up when you launch them saying they won't run without Google Play services but then you hit OK and they run fine, and some, like Uber, you have to use through the website or webapp and it's still comfortable to use. Then you have NatWest: the app launches fine, you can log into your online banking fine through the app, but then the second you try to load your account it closes. So I decided to just use the mobile site. How bad can it be? Very.
Each time you want to check your balance you're forced to enter numbers x, y, z of your PIN, then characters f, g, h of your password. OK, fine, I get it, better safe than sorry, but then you also need to wait for a text message and type in the 6-digit code, every single time you want to so much as check your balance. Then if you want to make a single payment to a previously set up contact you have to tick several warning boxes. If you're currently thinking 'oh well, it's good NatWest is secure', I would argue 90% of it is pure security theatre that only serves to make user experience worse. The first step of knowing someone's password and PIN should be enough; assuming it isn't, the phone number verification (lmao) should stop most attacks, but the scam checks (tick this box to show you understand maybe you're getting scammed) and the need for a card reader to send transactions to new people, or in some cases transactions larger than £50, offer no real protection. If someone is getting scammed, do you really think a tick box that says hey, maybe you're being scammed, will offer much help? As far as the card reader, that does offer some practical security, but if you're on a night out trying to lend a mate some dosh so he can Uber down and it pulls that shit, you now can't even access your own fucking money. Finally, the justification for not working without Google Play services:
due to security. :(
A vague answer, and even a complaint didn't yield any fruit. No one I've spoken to at NatWest can explain how Google services enhances security for their app specifically, or even at all, but it becomes more interesting because it isn't that the app needs Google Play services, it's that NatWest don't want the app running on devices without Google services. On my old device they did a similar thing with rooted devices, but thanks to Magisk's hide root feature you could still use it on rooted devices. At the time I reached out through support and their reasoning for not allowing root users was much more justifiable: rooting a device increases the attack surface and makes the device harder to secure for less tech-savvy users [Read this if rooted]. But yet they don't allow devices that don't have Google services, i.e. a bunch of code that their app doesn't require to function. A better way of describing making end users have code unnecessarily on their device? Forcing users to increase the attack surface of their device, whilst also telling them it increases their security. I'm not sure what the root cause of this hypocrisy is; my guess would be the app has too many developers that don't communicate enough, leading to contradictions in their approach to security. Either way, the amount of hoops I had to jump through, the fact I might not be able to send money unless I carry around a fucking card reader, and the fact that every time I want to do anything they make me tick boxes designed to help out-of-touch boomers made me want to start looking for an alternative bank that takes security properly.
Online-only banks such as Revolut had an instant appeal, since they're tech first. It's worth mentioning first that I use the paid plan, £7 a month, but for me this fee is worth it; they also have free plans.
I'm going to highlight both the pros and cons.

Pros:
- Doesn't force you to increase your attack surface
- Allows you to authenticate on the app via fingerprint
- Nicer UI/UX
- Allows stock trading inside the app
- Allows you to generate virtual cards
- Allows you to generate disposable cards (details change after each use)
- You can disable features you don't use per card (Contactless, Online Transactions, Swipe payments, ATM Withdrawals, Location security)
- Limit spending per card
- Widget allowing recurring donations to charities
- Good budgeting system in the app

Cons:
- Cannot transfer BTC, only buy/sell (worthless)
- Cannot add custom charities to the charity widget
These pros lead to insane benefits to overall security. You can segregate cards based on use cases, then limit them for that use. I use a virtual card for entertainment bills (Spotify, Plex, Netflix); I know how much those services cost, so that's all that card can spend per month. Let's assume this virtual card does get got: the damage is incredibly limited and I can delete the card from the app, make a new one, and I only have to set that new card up on three services instead of getting a new card and having to add a new card to all your accounts. I also further split my virtual cards into server fees and Amazon+PayPal, then for one-off sites I use the disposable card. One little pro I like is it shows pictures alongside transactions; at a glance you see shit like Amazon, Spotify etc.
The security benefits also push over to physical cards as well. If I'm going on a night out or somewhere with erratic behaviour or events, I lock down the card just through the app: set a spending limit, disable contactless (I also keep online transactions off all the time), then disable swipe payments. For that card to be compromised I would not only have to lose it but also have to disclose the PIN to the person that found it, and at most all that person could do is spend to my limit (I set it at around £50). The second I can't find my card I go on the app and freeze the card, then if I don't find it within a few days I terminate it and order a new one.
The budgeting system is also pretty great. It can automatically categorise transactions or you can set up custom categories, and you can apply budgets on a monthly basis, per category and overall. It provides spending habits in nice graphs, offering good insight into your spending. It also breaks down spending into %, so you can see out of all money what percentage you spend on what; really gets your gambling 'habit' in check pretty quickly.
A final note I think is worth mentioning is the charity widget. I think any use of technology that makes good actions easier is worth some level of focus. The widget works as follows: you go to the widget within the app, and it lists charities and their purpose.
- Rainforest Alliance: Save our rainforests
- British Red Cross: Help Beirut rebuild
- WWF: Protect the natural world
- Movember: Change the face of men's health
- Cancer Research UK: Beat cancer together
- ILGA-Europe: Push for LGBTQI+ equality
- Médecins Sans Frontières: Help fight COVID-19
- Save the Children: Help the most vulnerable
- The Trussell Trust: Support COVID-19 food bank appeal
- UN Refugee Agency: Give refugees hope
You can click on any and get a more explained goal/current goal of the charity. From that screen you can also easily set up a recurring donation or a "Spare change" donation, meaning each time you make a transaction it's rounded up to the nearest pound and the excess is given to charity. This spare change feature can also be used to save money in your 'vault'.
To summarize, companies should allow you freedom to configure your device as you wish or be replaced by a company that will.