Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How to emulate a smartphone on a computer for banking apps?
33 points by kome 3 months ago | hide | past | favorite | 47 comments
Until 2021, I never had a smartphone. While the "app" revolution unfolded around me, I happily stuck to using the internet on my computer. I navigated new cities by intuition, rarely asking for directions, relying on my good sense of direction. That changed when a European directive forced banks to require two-factor authentication, leaving me no choice but to get a smartphone. I bought a cheap one. Over time, I found myself using it for trivial things, like checking Twitter on the tram—moments of contemplation turned into information overload. Sure, having a map or buying a ticket on the fly is practical sometimes, but it hasn’t improved my life overall. Long story short, I've decided to remove the phone from my life again.

If I’m writing here, it’s because I need some ideas. Before buying a phone, I tried installing the banking app on an Android emulator (BlueStacks). However, the app recognized the emulator wasn’t a real phone and refused to work. My question is: how can I emulate a real phone on a computer? Does anyone have experience or references on this? It would be great to build a collection of ideas and references here in the comments that could be easily found by search engines for others with the same problem.

In summary: Have you ever done something similar? Any suggestions, ideas, or hacks?




Even with a Smartphone you will have a terrible experience if you do not use stock vendor software. On a custom rom one needs to install zygisk modules [0] to get around the play integrity madness (before that safetynet). As this still dies not rely in Hardware attestation it could works in emulators, too. What we need are court rouling against this ! Banks actually force us to give our data and sell souls to Google an Apple.

[0] https://github.com/chiteroman/PlayIntegrityFix/releases

Edit: seemingly PoCs exist : https://xdaforums.com/t/poc-safetynet-bypass-for-emulators.4...


My phone is running LineageOS and my banking app works, so YMMV.


thank you so much, riedel. this is the first answer that addresses the question. i appreciate the effort you put into digging and sharing your knowledge.


Plain Waydroid might work depending on the exact application you're using. Try that first because it's pretty seamless and has good performance (as Android processes run directly on the OS).

I used it for three years before giving up and getting a used phone (for other reasons). My banking application detected all other emulators, but not Waydroid.


thank you! i will try.


Alternative mobile OSes may work for banking apps, it's hit or miss. For example, SailfishOS (perhaps the only viable Linux distribution on phones, a successor of Nokia N770-N9) comes with an Android emulation layer if you purchase the license. Many banking apps work fine there.

Frankly, I find the current situation really frustrating from a security perspective and also because it has created a duopoly that is impossible to escape. Some banks offer SMS as 2FA (insecure, very susceptible to SIM cloning). Others offer push notifications inside apps (iOS or Android with Google Play services) which is not really a second factor, and pushes you to either Apple or Google. I wish hardware keys were more widespread and/or ChipTAN was still an option.


> What we need are court rouling against this !

Not possible, since this is a requirement of EU regulation.


Take a phone and glue it to a large sheet of plywood. You won’t mindlessly scroll when you have an awkward experience trying to use the phone.

- If you’re trying to solve the problem of phone being too addictive, make it less addictive. Delete twitter, setup your life around you so that it’s not focused around responding promptly to people. Intentionally don’t connect to WiFi and limit the speed to 2G.

I can’t speak for Europe, but here in the USA it’s still very practical to create a life without a phone.


I like out of the box thinking here. Recently I noticed that my phone (Samsung) has "bedtime mode" which makes everything displayed on the screen grayscale - I have used it couple of times and observed that it makes various content much less interesting and attractive for me Also disabling media sounds could be good idea.


A 9" tablet that you can't fit in a pocket was the solution I thought up but I like the cut of your jib.


Impossible in Europe - can't buy a train/bus ticket, can't go to a doctor, can't download/submit homework, can't prove I don't have COVID...


> Impossible in Europe - can't buy a train/bus ticket

I don't know a single place in Europe I've been to where I could not purchase some sort of a public transportation ticket without a phone.

Not a single one.


I just bought my first cell phone ever last weekend, for exactly the reasons you describe: my bank (in Japan) stopped letting me log in to my online account without 2FA, which can only be received as SMS. I don't need or want a phone, don't use any of the apps, but I still had to purchase one and pay the monthly subscription in order to access my bank account.

boo


If that happened in North America, you could just use TextNow to create a SMS-capable phone number and use it out of your browser.

I think there is no such thing in Japan: a website where anyone an create a throwaway account and get a phone number in any area code. Telephony is tightly run there. There are some commercial services like that that will give you a phone number, but you have to submit paperwork proving that you're a resident of Japan.


So you mean that, banking aside, you never had problems by not having a phone number?


Japan's quite unique in that regard.


Landlines still exist.


I've never used a banking app, always use the browser version. It just seems like something else to worry about, I don't do much banking really. Barclays uk have their own 2fa pinsentry, my other accounts use sms which is usable with the dumb phone my dad has.


It's pretty sad, but for lots of consumer/mass market banking, travel (airline/train, utility) companies the app experience is less annoying than the degraded browser experience.

If nothing else, usually the app will only need one login / setup, then stay logged in, while the browser version probably logs the user out after 5 or 10 minutes and requires some stupid SMS/email/phone 2FA frequently.


It's easier to remove unwanted apps from the device and work on your self-control than it is to do what you are describing. A lot of banking apps won't work on a rooted phone, for instance. I'd imagine you will have similar problems in a simulator. Just keep a burner phone with minimal shit installed.

As for 2FA, there are plenty of devices that can do this without a phone/SMS. I use 1password for 2FA across all my devices (laptop, desktop, phone).


Some banks offer independent physical two-factor authentication devices.

ING: https://www.ing.nl/particulier/digitaal-bankieren/mijn-ing/s... HSBC: https://www.expat.hsbc.com/ways-to-bank/online/secure-key-fa... Bank of America: https://www.bankofamerica.com/security-center/online-mobile-...

It may be easier to switch banks to one with a supported solution that fits your lifestyle than rely on a workaround that would raise suspicion. And you'd be voting with your wallet.


Right!

I wished banks would support yubikeys as 2FA tokens.


I changed banks to one that supports "e.dentifier" -- a physical 2fa device. Unsure for how long it will be supported, as they are pushing the app quite heavily


Maybe try downloading android studio and setting up a phone in there. It will have access to the real Google play store.


This bothers me too - I would really prefer not to have to have a phone to interact in society. Phone farms have the technology to solve the problem you have - it's graceless, but it is an answer - essentially reducing things to servo-driven interactions with a phone.


Except then you're running your personal banking software on someone else's computer. It seems like something someone committed to a phone free lifestyle might possibly be mindful of and want to avoid. I think a better solution would be to get a tablet that's far too big to fit in a pocket would be a better solution. No temptation to take it with you on short errand runs because it's way too big to put in any pocket, and gets you your banking apps.


Banking is one of the domains where you will encounter the bleeding edge of sophisticated bot/malware detection. Banks lose billions to fraud and theft. They will pay top dollar to detect and prevent it. Likewise, since the thieves can make so much money bypassing it, they will in turn be extremely sophisticated with their attacks. In short, you’re going to have a bad time. The easiest suggestion mentioned here is to buy a cheap phone and only use it for banking.

Additionally, most scammers don’t even bother trying to emulate phone platforms. It’s easier to buy lots of phones and install custom software that allows a bot farm to remote control it.


You could hope that Android Studio's emulator / modded Waydroid or WSA would work for a while. At most you'd be buying time. Seriously, just keep the phone and fix your own unwanted habits instead. You'd be wasting your time fighting the checks and blocks they have put in place. At some point strict hardware attestation will be both very strong and ubiquitous enough that it will be impossible to run apps with high security requirements in custom environments. Google and Apple have no incentive to let loose either, unless they are forced to, which I unfortunately don't see happening.


This is true, but it can't be reduced to just a habit problem. While habit is certainly a part of it, the bigger issue is that it's nearly impossible to exist without relying on a piece of shady technology that's now seen as proof of existence. My computer is more than capable of doing everything a phone can do, and our existence should be verified in less intrusive ways than through constant tracking of our location and habits.


I tried a bit of the opposite: replacing the computer with a tablet that can run those apps directly.

I eventually found tablets too limited in what I can do with them (like an iPad in my case).

A weird non-solution could be something like keeping your smartphone, but use the mirroring function on your laptop (Apple just announced this on Mac OS to mirror an iPhone).

This makes me think: while developing on Mac OS for the iPhone, one can run an emulator to check the app. Could that emulator be used with a shipped app? (Assuming you can even get the app itself from the store). I have no experience in that area.


There are a few ways to bypass the usage 1. Try our ChromeOS or Chromebook It supports android app via Play Store 2. Try dual boot using androidx86 project

Since, hardware limitations, options seem pretty much restrictive


I think the best approach would be to enroll the device in a MDM solution such as jamf. You can use this to apply very granular restrictions to what apps or websites can be used, and if you set a complex passphrase then you can’t just log in and reduce the restrictions.

I started down this path, but unfortunately I’d already been using the device and it was tricky to migrate data like photos/contacts onto the restricted device.


Get a cheap android phone and put a metered data service on it like Tello ($6 month for 1G and 200 SMS). Then leave it at your desk like PP said.

You might get by with WiFi service and a Google voice number, but many banks only trust real cell numbers and don’t work with VOIP numbers annoyingly.


I'm a bank customer in the EU without a smartphone. I have a dumb phone (think Nokia) and the bank will happily send me a traditional SMS for two factor validation, when required. Works everytime and no need for a smart phone at all.


added: For banking I use the Web interface in a browser on my PC (Linux or WIndows, both work).

There is absolutely no need to own a smartphone for banking


If you already have your phone, why not just leave your phone where your computer is?


If you are just trying to get a 2FA code, you can generate them. You could use something like https://github.com/rsc/2fa on your command line.


It would be great if banks would actually use standardized 2FA, but the 'TAN' apps are all random propriatary stuff.

The only that works in a standardized way are banks that use chiptan (using the secure element of the banking card with a reader). For this there are devices EG Form reinerSCT


You will need to use Frida to avoid root checks if you are going to go the emulator route.


You can attach a mouse, keyboard, and a monitor to an iPhone.

Might be worth trying like that?


Windows Subsystem for Android might work better than an emulator.


Find a different bank.


I haven't been able to do that too, but, here's my experience regarding smartphone use--When I was using an Android, I'd go to accessibility settings and turn the display grayscale. It felt so /tasteless/. Like food without salt. And my smartphone use went down.

When I switched to iOS, I deliberately chose the little SE 2020 edition with a terrible battery so I wouldn't use it much and it has worked. I still click a lot of pictures, use the banking apps, whatsapp here and there, readonly email access but haven't been wasting time on it and it makes me happy :D

In fact my first smartphone ever was a BlackBerry Q10 (in 2018!), deliberately chosen to not get into smartphone addiction.

By the way, kome, would you please get in touch with me? My email's in the bio. I'd love to chat with you about your time prior to having a smartphone :)


You can do the grayscreen thing on Apple phones as well. Double the distaste!


Double the distaste indeed :D


i would try to get a tablet or ipad. you can still use the apps you need, but it won’t fit in your pocket.


Can it work through Browserstack?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: