Ask HN: How to Emulate a Smartphone on a Computer for Banking Apps?

Even with a Smartphone you will have a terrible experience if you do not use stock vendor software. On a custom rom one needs to install zygisk modules [0] to get around the play integrity madness (before that safetynet). As this still dies not rely in Hardware attestation it could works in emulators, too. What we need are court rouling against this ! Banks actually force us to give our data and sell souls to Google an Apple.

[0] https://github.com/chiteroman/PlayIntegrityFix/releases

Edit: seemingly PoCs exist : https://xdaforums.com/t/poc-safetynet-bypass-for-emulators.4...

Take a phone and glue it to a large sheet of plywood. You won’t mindlessly scroll when you have an awkward experience trying to use the phone.

- If you’re trying to solve the problem of phone being too addictive, make it less addictive. Delete twitter, setup your life around you so that it’s not focused around responding promptly to people. Intentionally don’t connect to WiFi and limit the speed to 2G.

I can’t speak for Europe, but here in the USA it’s still very practical to create a life without a phone.

I just bought my first cell phone ever last weekend, for exactly the reasons you describe: my bank (in Japan) stopped letting me log in to my online account without 2FA, which can only be received as SMS. I don't need or want a phone, don't use any of the apps, but I still had to purchase one and pay the monthly subscription in order to access my bank account.

boo

I've never used a banking app, always use the browser version. It just seems like something else to worry about, I don't do much banking really. Barclays uk have their own 2fa pinsentry, my other accounts use sms which is usable with the dumb phone my dad has.

It's easier to remove unwanted apps from the device and work on your self-control than it is to do what you are describing. A lot of banking apps won't work on a rooted phone, for instance. I'd imagine you will have similar problems in a simulator. Just keep a burner phone with minimal shit installed.

As for 2FA, there are plenty of devices that can do this without a phone/SMS. I use 1password for 2FA across all my devices (laptop, desktop, phone).

Some banks offer independent physical two-factor authentication devices.

ING: https://www.ing.nl/particulier/digitaal-bankieren/mijn-ing/s... HSBC: https://www.expat.hsbc.com/ways-to-bank/online/secure-key-fa... Bank of America: https://www.bankofamerica.com/security-center/online-mobile-...

It may be easier to switch banks to one with a supported solution that fits your lifestyle than rely on a workaround that would raise suspicion. And you'd be voting with your wallet.

I changed banks to one that supports "e.dentifier" -- a physical 2fa device. Unsure for how long it will be supported, as they are pushing the app quite heavily

Maybe try downloading android studio and setting up a phone in there. It will have access to the real Google play store.

This bothers me too - I would really prefer not to have to have a phone to interact in society. Phone farms have the technology to solve the problem you have - it's graceless, but it is an answer - essentially reducing things to servo-driven interactions with a phone.

Banking is one of the domains where you will encounter the bleeding edge of sophisticated bot/malware detection. Banks lose billions to fraud and theft. They will pay top dollar to detect and prevent it. Likewise, since the thieves can make so much money bypassing it, they will in turn be extremely sophisticated with their attacks. In short, you’re going to have a bad time. The easiest suggestion mentioned here is to buy a cheap phone and only use it for banking.

Additionally, most scammers don’t even bother trying to emulate phone platforms. It’s easier to buy lots of phones and install custom software that allows a bot farm to remote control it.

You could hope that Android Studio's emulator / modded Waydroid or WSA would work for a while. At most you'd be buying time. Seriously, just keep the phone and fix your own unwanted habits instead. You'd be wasting your time fighting the checks and blocks they have put in place. At some point strict hardware attestation will be both very strong and ubiquitous enough that it will be impossible to run apps with high security requirements in custom environments. Google and Apple have no incentive to let loose either, unless they are forced to, which I unfortunately don't see happening.

I tried a bit of the opposite: replacing the computer with a tablet that can run those apps directly.

I eventually found tablets too limited in what I can do with them (like an iPad in my case).

A weird non-solution could be something like keeping your smartphone, but use the mirroring function on your laptop (Apple just announced this on Mac OS to mirror an iPhone).

This makes me think: while developing on Mac OS for the iPhone, one can run an emulator to check the app. Could that emulator be used with a shipped app? (Assuming you can even get the app itself from the store). I have no experience in that area.

There are a few ways to bypass the usage 1. Try our ChromeOS or Chromebook It supports android app via Play Store 2. Try dual boot using androidx86 project

Since, hardware limitations, options seem pretty much restrictive

I think the best approach would be to enroll the device in a MDM solution such as jamf. You can use this to apply very granular restrictions to what apps or websites can be used, and if you set a complex passphrase then you can’t just log in and reduce the restrictions.

I started down this path, but unfortunately I’d already been using the device and it was tricky to migrate data like photos/contacts onto the restricted device.

Get a cheap android phone and put a metered data service on it like Tello ($6 month for 1G and 200 SMS). Then leave it at your desk like PP said.

You might get by with WiFi service and a Google voice number, but many banks only trust real cell numbers and don’t work with VOIP numbers annoyingly.

I'm a bank customer in the EU without a smartphone. I have a dumb phone (think Nokia) and the bank will happily send me a traditional SMS for two factor validation, when required. Works everytime and no need for a smart phone at all.

If you already have your phone, why not just leave your phone where your computer is?

If you are just trying to get a 2FA code, you can generate them. You could use something like https://github.com/rsc/2fa on your command line.

You will need to use Frida to avoid root checks if you are going to go the emulator route.

You can attach a mouse, keyboard, and a monitor to an iPhone.

Might be worth trying like that?

Windows Subsystem for Android might work better than an emulator.

Find a different bank.

I haven't been able to do that too, but, here's my experience regarding smartphone use--When I was using an Android, I'd go to accessibility settings and turn the display grayscale. It felt so /tasteless/. Like food without salt. And my smartphone use went down.

When I switched to iOS, I deliberately chose the little SE 2020 edition with a terrible battery so I wouldn't use it much and it has worked. I still click a lot of pictures, use the banking apps, whatsapp here and there, readonly email access but haven't been wasting time on it and it makes me happy :D

In fact my first smartphone ever was a BlackBerry Q10 (in 2018!), deliberately chosen to not get into smartphone addiction.

By the way, kome, would you please get in touch with me? My email's in the bio. I'd love to chat with you about your time prior to having a smartphone :)

i would try to get a tablet or ipad. you can still use the apps you need, but it won’t fit in your pocket.

Can it work through Browserstack?