Ask HN: How to emulate a smartphone on a computer for banking apps?
Until 2021, I never had a smartphone. While the "app" revolution unfolded around me, I happily stuck to using the internet on my computer. I navigated new cities by intuition, rarely asking for directions, relying on my good sense of direction. That changed when a European directive forced banks to require two-factor authentication, leaving me no choice but to get a smartphone. I bought a cheap one. Over time, I found myself using it for trivial things, like checking Twitter on the tram—moments of contemplation turned into information overload. Sure, having a map or buying a ticket on the fly is practical sometimes, but it hasn’t improved my life overall. Long story short, I've decided to remove the phone from my life again.
If I’m writing here, it’s because I need some ideas. Before buying a phone, I tried installing the banking app on an Android emulator (BlueStacks). However, the app recognized the emulator wasn’t a real phone and refused to work. My question is: how can I emulate a real phone on a computer? Does anyone have experience or references on this? It would be great to build a collection of ideas and references here in the comments that could be easily found by search engines for others with the same problem.
In summary: Have you ever done something similar? Any suggestions, ideas, or hacks?
51 comments
[ 5.4 ms ] story [ 128 ms ] threadThe only that works in a standardized way are banks that use chiptan (using the secure element of the banking card with a reader). For this there are devices EG Form reinerSCT
As for 2FA, there are plenty of devices that can do this without a phone/SMS. I use 1password for 2FA across all my devices (laptop, desktop, phone).
[0] https://github.com/chiteroman/PlayIntegrityFix/releases
Edit: seemingly PoCs exist : https://xdaforums.com/t/poc-safetynet-bypass-for-emulators.4...
Frankly, I find the current situation really frustrating from a security perspective and also because it has created a duopoly that is impossible to escape. Some banks offer SMS as 2FA (insecure, very susceptible to SIM cloning). Others offer push notifications inside apps (iOS or Android with Google Play services) which is not really a second factor, and pushes you to either Apple or Google. I wish hardware keys were more widespread and/or ChipTAN was still an option.
I used it for three years before giving up and getting a used phone (for other reasons). My banking application detected all other emulators, but not Waydroid.
Not possible, since this is a requirement of EU regulation.
You might get by with WiFi service and a Google voice number, but many banks only trust real cell numbers and don’t work with VOIP numbers annoyingly.
- If you’re trying to solve the problem of phone being too addictive, make it less addictive. Delete twitter, setup your life around you so that it’s not focused around responding promptly to people. Intentionally don’t connect to WiFi and limit the speed to 2G.
I can’t speak for Europe, but here in the USA it’s still very practical to create a life without a phone.
I don't know a single place in Europe I've been to where I could not purchase some sort of a public transportation ticket without a phone.
Not a single one.
I started down this path, but unfortunately I’d already been using the device and it was tricky to migrate data like photos/contacts onto the restricted device.
Additionally, most scammers don’t even bother trying to emulate phone platforms. It’s easier to buy lots of phones and install custom software that allows a bot farm to remote control it.
ING: https://www.ing.nl/particulier/digitaal-bankieren/mijn-ing/s... HSBC: https://www.expat.hsbc.com/ways-to-bank/online/secure-key-fa... Bank of America: https://www.bankofamerica.com/security-center/online-mobile-...
It may be easier to switch banks to one with a supported solution that fits your lifestyle than rely on a workaround that would raise suspicion. And you'd be voting with your wallet.
I wished banks would support yubikeys as 2FA tokens.
When I switched to iOS, I deliberately chose the little SE 2020 edition with a terrible battery so I wouldn't use it much and it has worked. I still click a lot of pictures, use the banking apps, whatsapp here and there, readonly email access but haven't been wasting time on it and it makes me happy :D
In fact my first smartphone ever was a BlackBerry Q10 (in 2018!), deliberately chosen to not get into smartphone addiction.
By the way, kome, would you please get in touch with me? My email's in the bio. I'd love to chat with you about your time prior to having a smartphone :)
If nothing else, usually the app will only need one login / setup, then stay logged in, while the browser version probably logs the user out after 5 or 10 minutes and requires some stupid SMS/email/phone 2FA frequently.
Might be worth trying like that?
I eventually found tablets too limited in what I can do with them (like an iPad in my case).
A weird non-solution could be something like keeping your smartphone, but use the mirroring function on your laptop (Apple just announced this on Mac OS to mirror an iPhone).
This makes me think: while developing on Mac OS for the iPhone, one can run an emulator to check the app. Could that emulator be used with a shipped app? (Assuming you can even get the app itself from the store). I have no experience in that area.
boo
I think there is no such thing in Japan: a website where anyone an create a throwaway account and get a phone number in any area code. Telephony is tightly run there. There are some commercial services like that that will give you a phone number, but you have to submit paperwork proving that you're a resident of Japan.
Since, hardware limitations, options seem pretty much restrictive