Most banks in Germany, Austria and Portugal default to Play Store or App Store apps with OS integrity checks. It seems like the Nordic countries have it a bit better with the ID reader apps. There are sometimes alternatives and some of them require paid subscription.
The apps they require are proprietary. They are not generic TOTP generators. Some of them require biometric approval. Some just logging in and approving a notification. I have seen some generate a form of non-standard TOTP. Otherwise I wouldn't complain about being locked into Google or Apple ecosystems. They are Play Store or App Store apps that require attestation from the libraries / systems provided Google or Apple like SafetyNet or Play Integrity. Some require strong hardware attestation. If the OS is modified, those checks do not pass. You cannot use any FOSS system without crazy hacks. If the phone is stolen, you have to go through manual reonboarding. It sucks when you're out of the country.
>SafetyNet or Play Integrity
A few days ago I did inspect the NovoBanco (Portuguese) apk, and I did look for SafetyNet specifically. They didn't use it. But since I'm not that familiar with the android eco-system I couldn't really tell if Play Integrity was used instead. But I did find a LOT of HMS (Huawei Mobile Services) stuff, and some if it was definitely related to security.
I might take a look at it again tomorrow.
I was curious if I could sideload the app without logging into a google account, meaning without using google services, but all I did was a tiny bit of static analysis instead of actually trying it.
If you have any write-ups on crazy hacks for foss systems, again it would be awesome if you could share them and greatly appreciated. Cheers
Also, is using HMS a normal thing in android development? Last I checked Huawei was persona non grata in the west, at least when it came to hardware like network equipment and consumer devices. I was surprised when I saw HMS in the apk.
The decision to abandon Calibri on the grounds of it being a so-called “wasteful diversity font” is both amusing and regrettable. Calibri was specifically designed to enhance readability on modern computer screens and was selected by Microsoft in 2007 to replace Times New Roman as the default font in the Office suite. There were sound reasons for moving away from Times: Calibri performs exceptionally well at small sizes and on standard office monitors, whereas serif fonts like Times New Roman tend to appear more distorted. While serif fonts are well-suited to high-resolution displays, such as those found on modern smartphones, on typical office screens the serifs introduce unnecessary visual noise and can be particularly problematic for users with impaired vision, such as older adults.
Professional typography can be achieved with both serif and sans-serif fonts. However, Times New Roman—a typeface older than the current president—presents unique challenges. Originally crafted in Great Britain for newspaper printing, Times was optimised for paper, with each letterform meticulously cut and tested for specific sizes. In the digital era, larger size drawings were repurposed as models, resulting in a typeface that appears too thin and sharp when printed at high quality.
Serif fonts are often perceived as more traditional, but they are also more demanding to use effectively. While a skilled typographer can, in theory, produce excellent results with Times, using it in its default digital form is not considered professional practice.
Calibri, by contrast, incorporates extensive spacing adjustments and language-specific refinements. The digital version of Times New Roman, developed in the early days of computing, offers only minimal kerning and letter-pair adjustments. This is especially evident in words set in all capitals—such as “CHICAGO”—where the spacing is inconsistent: the letters “HIC” are tightly packed, while “CAG” are spaced too far apart. Microsoft cannot rectify these issues without altering the appearance of existing documents.
This reads like your CEO is mixing an argument against serifs with an argument against Times specifically. Later on they make a case against Times' lack of support for more modern features in digital fonts, which is a fine argument, but a question comes to mind: is the solution a sans-serif font?
It seems to me upon reading the article that Rubio's staff, or Rubio himself, is being overly specific with the font and I suspect that, being uninformed, what they really want is a serif font rather than Times New Roman, specifically. Maybe I'm wrong.
In any case, I'd like for you/your CEO to make it clearer, if you will: do you believe official government communications should use a sans-serif font altogether or is it just a problem with Times? Or both?
On a more personal note, is there any serif font you'd suggest as an alternative?
Thank you. (And sorry if I read this wrong.)