Challenger (Mobile Only) Banks in Qubes

General Discussion
1

Challenger banks: small/medium sized banks that operate without the heavy infrastructure and legacy systems. Generally have no branches and operate only through mobile apps.

Their systems typically involve in-app verification of purchases for safety, but may also use SMS 2fa or (possibly?) status on SS7 networks- can anyone comment?

Logging in from a new device usually requires some kind of face/voice verification.

Has anyone been able to get one of these types of banking apps working in qubes? This isn’t for nefarious purposes.

I assume that these apps are quite hard to break and that you can’t push pre-recorded proofs through the app as they’re timestamped and checked against previous submissions. If they’re not, then holy fuck.

But I do wonder if the Qubes networking infrastructure would confuse their submissions system, or how else Qubes might break the app.

Has anyone had successes engaging with these apps via Qubes?

If you need an explanation- I just don’t use phones, but I do want to get access to my old account to make a transfer before closing it.

3 Likes
2

See also: Using Pseudonymous Messaging Accounts on Qubes.

1 Like
3

You’re right about challenger banks and their focus on mobile apps and security. Here’s a breakdown of your questions on using them with Qubes:

Security Features:

  • In-app verification: This is common and works within Qubes as long as you can interact with the app normally.
  • SMS 2FA: This might be tricky. Qubes can handle SMS with disposable numbers, but it can be a hassle. Some banks might offer email or app-based authenticator options which are more Qubes-friendly.
  • SS7 (unlikely): SS7 is a legacy protocol less likely used for verification by modern challenger banks.

New Device Verification:

  • Face/voice verification: This could be a blocker. Qubes doesn’t currently support these biometrics.

Using Challenger Banks with Qubes:

There’s limited experience reported on using challenger bank apps within Qubes. Here’s why it might be difficult:

  • App Sandboxing: Challenger bank apps might be designed to work within a secure phone environment and detect anomalies of a virtualized system like Qubes.
  • Unique Device ID: Apps might rely on a unique device identifier that gets flagged in a virtual environment.
1 Like