Aurora Store gets apks directly from the Play Store, they are the exact same apks as in the Play Store. No idea if banking apps are gonna work as intended without Google services though, but that’s another problem. I hope this answers your question.
That sounds reassuring. I should have said that I’ve got microg services running on this device and actually I have already installed the banking and the identity verification apps but I haven’t used them to log in. They seem though to be launching fine.
I do have microg running on this device. I’ve got my banking apps working now.
When I start them, they launch automatically the identity verification app. This one needs the google services to function. However it seems to be working fine with microg as well.
The strange thing is that it is working with microg disabled as well. when it launches, it asks for the "google service/microg " to be enabled and brings up the screen to enable it. I just swipe it away and go back to the application’s screen which after a couple of seconds loads just fine. I enter my password and then the originating bank apps logs me in.
I am content that it works now. Though my main concern was the safety and security of the downloaded APKs for these apps from Aurora Store.
By the way, I found your guide in the forum and will be reding it. Thanks!
Regarding your threat model, you cannot be absolutely sure your bank account is safe and secure. Besides malicious apps, there are many attack vectors someone could use to steal your money (e.g. stealing password, SIM swap attack to circumvent 2FA, friend-in-need scam). So you should really evaluate the risk (chance * consequence) of the attack vectors and act accordingly. Downloading the app from Aurora is probably almost as safe as downloading from the Google Play Store, but there are probably easier ways to steal your money.
If you’re really worried about security, I reccomend using the Google Advanced Protection Program (or Apple’s version) on a separate device you use solely for banking.
On Android you can have multiple user profiles. You could setup a user profile with google play services or microg and use it for banking, while keeping your main user profile clean without google play services or microg. It might be a good trade-off between privacy and security to use a pseudonymous google account for logging into the google play store and downloading the apk from there.
Thanks everybody for all the insights shared and all the suggestions made!
For now I am having only the identity verification app in a separate user profile and no other specific apps for the banks.
I’ll be using it to verify my identity in the websites for the banks I have an account with using my laptop running on Linux and a (somewhat) hardened user profile only for banking.
I could actually do without the identity verification app as well but then I would need to use Windows with the identity identification program installed and a usb input device for typing in my “secret” password. However I don’t really want to do this.
I leave this thread open in case anyone feels like to post comments, suggestions, ideas …
Techlore is spreading privacy and security to the masses. The Techlore Discussions forum is a home for reasonable privacy and security discussions.