The issue came from banks, for instance, who demand mandatory crapplications just to allow web logins from desktops with the excuse of "safety". I do not know if banks in your country have done that; it's a moderately recent idea in southern EU, since around 4-5 years ago. Some go as far as stating that it's mandatory by law, which is not only false but also the contrary, since the EU PSD 2 law they cite mandates that no single device can authenticate and operate, while most of such crapps do.
I know some have analyzed their (unsafe) protocols and now use desktop OTP software, but that's not a thing that should ever be needed in the first place: banks who mandate the usage of unsafe platforms (and the rise of Android banking malware is a nice proof) must be forbidden by law, with sanctions severe enough that no one ever tries to push such systems just to grab more data from their customers.
A thing we already see for EV recharge and other activities.
The point is: if we accept to keep evolving in this direction we will not be Citizens anymore but just "smartphone holders" pastured by the smartphones' real owners, which happen to be a small set of private companies.
The point is that in the near future our identity will be provable only by them, NOT by States [1], so a private company can say who you are or not, not your government. We will be able to pay for things only if the new substantial de facto dictator, the GAFAM, decides that we can, since all payments will pass through their platform [2]; we will be weighted from birth by big data analysis on our DNA [3], having careers pre-defined by social scoring systems (which means by bad choices and corruption, like in China and UK), well trapped in such a dystopia.
I understand that casual citizens can't understand but on HN it should be a hot topic if we still have hope.
So the point is to mandate a total ban of such practice, imposing an open IT for the profit of the whole society, not of some big & powerful against all the rest. Which means coming back to the classic IT vision, because actual IT was born back then and distorted just to evolve in such limited, limiting and dangerous manners...