
'Banking' phone?

ChilliBob
ChilliBob Posts: 2,264 Forumite
Hey guys, I very nearly lost my phone today, fortunately somebody handed it in and on it I type this message :)... But this got me thinking, a few people I have seen on the savings and investments board mentioned they use a separate phone for a lot of banking stuff that's not day to day.

For example, on my carry around phone I don't need say Atom bank, Tandem, Premium Bonds checker etc!

I'm guessing the best course of action:

1. Buy a cheap, but up to date Android
2. get a cheap sim
3. Install required apps on new phone, confirm working, decom on main phone.

If this is all right then I'm not sure on 1 and 2.

Banking wise I think what's most important is a phone supporting the latest version of Android, as I think many banking apps don't work with older versions. I think it's literally that - any suggestions?

In terms of SIM - I currently use giffgaff, but for this I'm not sure what's best? I'd want something, I think, where I could top up once, and ideally the credit doesn't expire.

I think the only use of it would be using apps over WiFi, and perhaps getting texts for multi factor authentication. 

So yeah, thoughts much appreciated :) 



Comments

  • PHK
    PHK Posts: 2,095 Forumite
    The key is actually how secure the phone is. In that sense a cheap Android is likely to be less secure than just using your own phone. (Because it’s unlikely to be up to date with security patches and probably won’t have biometric authentication)

    For the most secure use:

    Make sure your SIM is PIN protected, turn on SIM PIN in the phone settings and change it from the default

    Turn on the phone’s security so you need to enter a password/phrase (not PIN) or FaceID or fingerprint before the phone will work

    Use the banking app to authorise transactions not a code sent by SMS

    If you have to use codes sent by SMS then turn off message preview on Lock Screen

    If using an Android phone, only install apps from the Play Store

    Make sure your phone is up to date (if Android make sure Play security update is also up to date)

    Do not use your banking apps while other people are watching. 
  • Swipe
    Swipe Posts: 5,492 Forumite
    I do all my other banking from a PC instead and just have my single current account bank on my phone.
  • datz
    datz Posts: 165 Forumite
    edited 17 April 2023 at 1:13AM
    PHK said:
    The key is actually how secure the phone is. In that sense a cheap Android is likely to be less secure than just using your own phone. (Because it’s unlikely to be up to date with security patches and probably won’t have biometric authentication)

    For the most secure use:

    Make sure your SIM is PIN protected, turn on SIM PIN in the phone settings and change it from the default

    Turn on the phone’s security so you need to enter a password/phrase (not PIN) or FaceID or fingerprint before the phone will work

    Use the banking app to authorise transactions not a code sent by SMS

    If you have to use codes sent by SMS then turn off message preview on Lock Screen

    If using an Android phone, only install apps from the Play Store

    Make sure your phone is up to date (if Android make sure Play security update is also up to date)

    Do not use your banking apps while other people are watching. 

    This is all sound advice - I would also add:
    • not to reuse the same PIN for banking apps that you use to unlock the device.
    • turn on the automatic device wipe option if entering an incorrect pin a certain amount of times.
    • turn on the ability to track the phone (e.g. Apple's 'Find My') and remote wipe it.
    For the vast majority of instances, all these precautions should be more than adequate - although there seems to be a growing number (but still very small) of violent crimes where victims are made to divulge their login credentials (under duress), or have their drinks spiked and their biometrics used.

    The only solution to this would be not to have any financial apps on the phone to begin with. But I find banking apps too convenient (versus online banking via pc/laptop). Having said that, I will usually take a second cheaper phone (with a more curated app selection) if I am spending time in a dodgy part of town. I also try to mitigate any potential damage by keeping the majority of my savings with providers where I don't have the app installed (though not always possible for the best rates), and where withdrawals can only be made to a nominated account. But there are limitations, for example, it doesn't prevent 'bad actors' from applying for and maxing out overdrafts on accounts that support them if they gain access to your banking app(s).

    Anyway, it's that trade-off between convenience and security, and only you can decide where you feel comfortable. I know someone will say that banks are obligated, under the voluntary code many of them signed up to, to refund victims that have not acted grossly negligent - but this will often be an uphill struggle if you find yourself in that position.

    Edit: Just to add a consideration for the OP - cheap androids usually come with limited support (usually up to 2 years), and their update cycle is often quite delayed. Banking apps are quick to drop support for devices or OS versions that are end of life. And then, of course, there is a concern about how insecure some cheap 'no name' branded phones off online marketplaces might be. Even some better known brands are built upon code littered with vulnerabilities (even if they use the Android base). Oh, and probably worth mentioning that some cheap android handsets still use a 32bit OS, when some banking apps require 64bit.
  • ChilliBob
    ChilliBob Posts: 2,264 Forumite
    PHK said:
    The key is actually how secure the phone is. In that sense a cheap Android is likely to be less secure than just using your own phone. (Because it’s unlikely to be up to date with security patches and probably won’t have biometric authentication)

    For the most secure use:

    Make sure your SIM is PIN protected, turn on SIM PIN in the phone settings and change it from the default

    Turn on the phone’s security so you need to enter a password/phrase (not PIN) or FaceID or fingerprint before the phone will work

    Use the banking app to authorise transactions not a code sent by SMS

    If you have to use codes sent by SMS then turn off message preview on Lock Screen

    If using an Android phone, only install apps from the Play Store

    Make sure your phone is up to date (if Android make sure Play security update is also up to date)

    Do not use your banking apps while other people are watching. 
    Thanks for the detailed feedback. I think I pretty much do those things anyway in the main. 

    Perhaps 'cheap android' was the wrong way to think of it - Imagine a half decent android if you will - say £200 or so - that'd basically be like my existing 'main' phone really. Surely using that and keeping it at home reduces risk too.

    Some apps feel more secure than others - Tandem for example does bother me - you put in your phone number, a text is received, then it auto fills in the text! - Even if it doesn't it's not difficult to get the text anyway. So in effect, if someone has your phone unlocked - perhaps they swipe it out of your hands - all they'd need is the phone number - to get into Tandem. 
  • ChilliBob
    ChilliBob Posts: 2,264 Forumite
    Swipe said:
    I do all my other banking from a PC instead and just have my single current account bank on my phone.
    Yep, I do too, where I can, but some things these days are app only, or, force you to have an app to authenticate onto the desktop.
  • ChilliBob
    ChilliBob Posts: 2,264 Forumite
    datz said:
    PHK said:
    The key is actually how secure the phone is. In that sense a cheap Android is likely to be less secure than just using your own phone. (Because it’s unlikely to be up to date with security patches and probably won’t have biometric authentication)

    For the most secure use:

    Make sure your SIM is PIN protected, turn on SIM PIN in the phone settings and change it from the default

    Turn on the phone’s security so you need to enter a password/phrase (not PIN) or FaceID or fingerprint before the phone will work

    Use the banking app to authorise transactions not a code sent by SMS

    If you have to use codes sent by SMS then turn off message preview on Lock Screen

    If using an Android phone, only install apps from the Play Store

    Make sure your phone is up to date (if Android make sure Play security update is also up to date)

    Do not use your banking apps while other people are watching. 

    This is all sound advice - I would also add:
    • not to reuse the same PIN for banking apps that you use to unlock the device.
    • turn on the automatic device wipe option if entering an incorrect pin a certain amount of times.
    • turn on the ability to track the phone (e.g. Apple's 'Find My') and remote wipe it.
    For the vast majority of instances, all these precautions should be more than adequate - although there seems to be a growing number (but still very small) of violent crimes where victims are made to divulge their login credentials (under duress), or have their drinks spiked and their biometrics used.

    The only solution to this would be not to have any financial apps on the phone to begin with. But I find banking apps too convenient (versus online banking via pc/laptop). Having said that, I will usually take a second cheaper phone (with a more curated app selection) if I am spending time in a dodgy part of town. I also try to mitigate any potential damage by keeping the majority of my savings with providers where I don't have the app installed (though not always possible for the best rates), and where withdrawals can only be made to a nominated account. But there are limitations, for example, it doesn't prevent 'bad actors' from applying for and maxing out overdrafts on accounts that support them if they gain access to your banking app(s).

    Anyway, it's that trade-off between convenience and security, and only you can decide where you feel comfortable. I know someone will say that banks are obligated, under the voluntary code many of them signed up to, to refund victims that have not acted grossly negligent - but this will often be an uphill struggle if you find yourself in that position.

    Edit: Just to add a consideration for the OP - cheap androids usually come with limited support (usually up to 2 years), and their update cycle is often quite delayed. Banking apps are quick to drop support for devices or OS versions that are end of life. And then, of course, there is a concern about how insecure some cheap 'no name' branded phones off online marketplaces might be. Even some better known brands are built upon code littered with vulnerabilities (even if they use the Android base). Oh, and probably worth mentioning that some cheap android handsets still use a 32bit OS, when some banking apps require 64bit.
    Yep, the pin/codes for banking apps are different to the main phone pin. Automatic wipe is an interesting one I hadn't considered. I think I was relying on the web based wiping - which I have at my disposal with the find my phone type thing in Android. I'd keep probably a current account, perhaps 2, on a main phone, but nothing else. The 64 bit side of things is interesting, I guess getting a 64bit phone is the safe and more futureproof option. I wonder what my current one is! Yeah I'd for sure only buy a new phone, and looking around yesterday it seems Motorola or Nokia have some handsets at the bottom end of the market - again - not sure if they're 64bit or not. Android 13 go was on the Motorola I think.
  • PHK
    PHK Posts: 2,095 Forumite
    ChilliBob said:
    PHK said:
    The key is actually how secure the phone is. In that sense a cheap Android is likely to be less secure than just using your own phone. (Because it’s unlikely to be up to date with security patches and probably won’t have biometric authentication)

    For the most secure use:

    Make sure your SIM is PIN protected, turn on SIM PIN in the phone settings and change it from the default

    Turn on the phone’s security so you need to enter a password/phrase (not PIN) or FaceID or fingerprint before the phone will work

    Use the banking app to authorise transactions not a code sent by SMS

    If you have to use codes sent by SMS then turn off message preview on Lock Screen

    If using an Android phone, only install apps from the Play Store

    Make sure your phone is up to date (if Android make sure Play security update is also up to date)

    Do not use your banking apps while other people are watching. 
    Thanks for the detailed feedback. I think I pretty much do those things anyway in the main. 

    Perhaps 'cheap android' was the wrong way to think of it - Imagine a half decent android if you will - say £200 or so - that'd basically be like my existing 'main' phone really. Surely using that and keeping it at home reduces risk too.

    Some apps feel more secure than others - Tandem for example does bother me - you put in your phone number, a text is received, then it auto fills in the text! - Even if it doesn't it's not difficult to get the text anyway. So in effect, if someone has your phone unlocked - perhaps they swipe it out of your hands - all they'd need is the phone number - to get into Tandem. 
    It’s the features of the phone and the guarantee of security updates. 

    Keeping the phone at home might sound secure but you need to check on it regularly. Most fraud happens from people who either observe you or are close to you. (The friend who knows you have a banking phone that you don’t check very often, could remove the SIM etc etc) 
  • ChilliBob
    ChilliBob Posts: 2,264 Forumite
    PHK said:
    ChilliBob said:
    PHK said:
    The key is actually how secure the phone is. In that sense a cheap Android is likely to be less secure than just using your own phone. (Because it’s unlikely to be up to date with security patches and probably won’t have biometric authentication)

    For the most secure use:

    Make sure your SIM is PIN protected, turn on SIM PIN in the phone settings and change it from the default

    Turn on the phone’s security so you need to enter a password/phrase (not PIN) or FaceID or fingerprint before the phone will work

    Use the banking app to authorise transactions not a code sent by SMS

    If you have to use codes sent by SMS then turn off message preview on Lock Screen

    If using an Android phone, only install apps from the Play Store

    Make sure your phone is up to date (if Android make sure Play security update is also up to date)

    Do not use your banking apps while other people are watching. 
    Thanks for the detailed feedback. I think I pretty much do those things anyway in the main. 

    Perhaps 'cheap android' was the wrong way to think of it - Imagine a half decent android if you will - say £200 or so - that'd basically be like my existing 'main' phone really. Surely using that and keeping it at home reduces risk too.

    Some apps feel more secure than others - Tandem for example does bother me - you put in your phone number, a text is received, then it auto fills in the text! - Even if it doesn't it's not difficult to get the text anyway. So in effect, if someone has your phone unlocked - perhaps they swipe it out of your hands - all they'd need is the phone number - to get into Tandem. 
    It’s the features of the phone and the guarantee of security updates. 

    Keeping the phone at home might sound secure but you need to check on it regularly. Most fraud happens from people who either observe you or are close to you. (The friend who knows you have a banking phone that you don’t check very often, could remove the SIM etc etc) 
    All valid points, I guess it depends on your lifestyle, it's probably something I'd be using multiple times a week, and the only person who'd even know about it would probably be my wife!

    It looks like at the cheaper but 'established' end of the market there's lots of phones with Android 13, but only 'go' variant, which I'm not sure if that'd cause me grief. 

    It's a tempting reason to splash out and get myself an upgrade on my main phone, but then what was an idea at say £100 becomes a £400 spend or something, oops!
  • DullGreyGuy
    DullGreyGuy Posts: 16,173 Forumite
    ChilliBob said:
    Hey guys, I very nearly lost my phone today, fortunately somebody handed it in and on it I type this message :)... But this got me thinking, a few people I have seen on the savings and investments board mentioned they use a separate phone for a lot of banking stuff that's not day to day.
    So far my wife has misplaced her phone in India x 2, Mexico x 3, USA x 1, Czech Republic x 1 and an uncountable number of times in the UK. Every single time she has gotten it back.

    I don't know all the security features on Android but with iPhone it's very easy to send the phone into lost mode at which point the only thing it can do is 1) broadcast its location, which will continue even when the phone is off and for some time after the battery has apparently died and 2) allow the phone to call a number that you specify when setting lost mode.

    Most of the time the phone's been handed in or is still on the bus/taxi which she left it. A couple of times it appears to have gone to someone's home or such but they have reached out and given it back.

    If you believe the press the phones, or at least Apple, are now useless if found as you have no mechanism to reset them unless you have the password to turn off the security. Hence most will do the good deed of handing them back as they have little worth otherwise, even in countries where the phone is 4 months salary of the average person.


    There will always be those who think we should all wear tinfoil hats and have absolutely no appetite for any level of risk. Personally, I think one good device that you routinely carry around with you is better than two devices where one is of more questionable quality (which ironically is where you are suggesting putting the sensitive information) which you don't routinely carry around with you and so is less convenient and easier to miss the fact you don't still have both with you.
  • ChilliBob
    ChilliBob Posts: 2,264 Forumite
    Blimey, that's a lot of lost phones!

    I think the whole 'questionable quality' side of things is perhaps where there is confusion - in my view, a budget Samsung/Nokia/Motorola isn't of questionable quality - it's just as good quality as a flagship, it's just lower specification, so not good for more demanding every day use such as photos/gaming etc. 

    Now getting some no brand phone or something then yeah, I'd 100% follow this idea - it's akin to using a computer that's not patched and perhaps has no AV or firewall - it'll work but yeah, it's far from ideal!

    To use the PC analogy here I'm saying two machines running say Win10 or 11, both fully patched, just one has 16gb RAM and a nice fast processor, one has 4gb or something and is a bit sluggish with video processing.

    Anyhow, it seems that most in this thread are pretty against my idea! - Perhaps with good reason!