Why should a bank be ever able to dictate what the user does with their device legitimately? They can't do so on the web through browsers, that is fine, why are we excusing this on phones?
Next up banks will start requiring out MDM enrollment? Is that equally understandable? Where do you draw the line?
It's unnecessary and intrusive to apply these methods unconditionally and on everyone.
> Why should a bank be ever able to dictate what the user does..
I'll deliberately answer early: because they're on the hook for your mistakes.
Your bank dictates security terms. This isn't new. They can demand you appear in person with multiple forms of identification. They can (and have) demand you use 2f hardware they provide. They can withdraw service if they think you're a risk to their business.
If I suddenly found myself with billions in potential liabilities, I'd do absolutely everything to ban footguns. Apps with system access installed from insecure sources. Yeah, no thanks.
Next up banks will start requiring out MDM enrollment? Is that equally understandable? Where do you draw the line?
It's unnecessary and intrusive to apply these methods unconditionally and on everyone.