
Don't most banking apps reject non-GooglePlay/unofficial-image/rooted phones?



Yes, and the reasons are instructive.

When you get to the lowest level, technically, the banking apps want to store files on the phone that the user can't access.

This means that something like LineageOS can run banking apps, if the phone tells the banking app what the app wants to hear. It's fiddly but can be done, and in fact it is what I do on my private phone. It also means that a platform that fundamentally gives users the right to read all the files on the phone (i.e. to make a complete backup) will not be supported by banking apps, because such a platform will not let the banks do what they think they need to do.

I think this implies that such platforms can't grow beyond a niche within a niche.


While I can understand Google and the banking apps' actions, it doesn't make much sense given how PCs having root is hardly ever a concern for a bank. If you can do something bad with banking on a rooted device, it's probably doable on a computer too.


Oh, banks are definitely concerned about PCs having root. There are even some banks that have removed their online banking websites entirely (except, perhaps, for corporate clients) and require customers to do everything through the Android app instead.


My bank and my wife's bank both require 2FA. On the app, one of the Fs is having physical access to the device (the phone/app, which was vetted by the bank when the app was installed). On web browsers, these two banks don't offer any factor like that.

In end effect, the banks treat a non-rootable device as suitable as a "something you have" factor, but will not treat a rootable device as that.


Which is why I was switching banks until I found one not forcing me into the duopoly.


In some countries one no longer has that possibility. Not everywhere has a range of banks to choose from, sometimes mergers have resulted in just a handful of banks for a country, all of which enforce use of an Android app.

Oh, it’s fsflover, the poster with the Librem idée fixe. Haven’t noticed you here in a couple of years. Your comment elsewhere here about GrapheneOS not requiring much less effort to daily drive is way off. GrapheneOS runs banking apps and, in countries that legally enforce use of certain apps for ID or payment, those apps, too. Zero hoops to jump through. Meanwhile, a Librem phone (or a PinePhone) will not work.


Of course, in some countries you have a lack of important freedoms, which says a lot about their state of democracy. However, if your country gives you a choice, consider using it in order to not lose it.

It's nice to know that I'm somewhat famous. I never suggested that running banking apps on GNU/Linux phones was as easy as on Android forks (however, reportedly it is possible for some banks). I meant other daily tasks of course.


The country I live in has strong consumer protection laws. Banks deal with it by judging risks: That which is too risky is what they won't offer.

My bank does not offer Western Union transfers, for example, because there's been too much fraud. And does not accept root-platform devices as 2FA "something you have" factors.

Liberty or consumer protection? Your choice, really.


Arguably, typical Android is less secure than a Linux phone, since it constantly calls home, runs a ton of untrusted apps and often has a short software support time.


Huh, that's interesting, thanks for mentioning it. I wasn't aware of that.


One of the draws of GrapheneOS is that, since Pixel phones have a relockable bootloader, that Android image will pass SafetyNet. While Google Play Services is typically required by banking apps, on GrapheneOS you can run Play Services in its own sandbox.


They might, but the app for my bank works happily on LineageOS.

Same, e.g., with the app for a local second-hand site, which on startup complains that it needs the Google services... and then runs without issue (only appears to use those Google services to pinpoint the phone's location).

IMHO this is one more reason to put alternatives like LineageOS on a phone: the more users on those, the harder it is for app developers to drop that user group for... well, reasons.


Ironically you might have to root your phone to install the necessary Magisk modules to make the app think it's on a phone running the official thing.


Most reject phones that don't pass SafetyNet. There are ways to pass it with unofficial images/rooted phones, although I'm not sure for how long they will keep working and I think you still need Google Play.



