cross-posted from: https://fost.hu/post/226135
Let’s say, I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other —, then just OSS). Am I going to be behind the competition by doing this?
If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank’s apps by publicizing it?
Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?
EDIT: Clarifying question: Is there a technical reason they don’t publicize their code or is it just purely corporate greed and nothing else?
OP raises a good point, though. Why isn’t there a standard banking API that all banks could use, against which applications could be written?
People don’t choose banks because of the bank’s app. Banks are also pretty sticky. Having a standard would allow banks to save money on application development. I just don’t see what the value-add of proprietary banking APIs are for them. It doesn’t seem like much of a differentiator.
I think there’s a sort of standard in the EU; why doesn’t the US have one?
There are a bunch of APIs, actually. Plaid is a pretty popular one. The problem is getting the banks to implement them.
But people definitely choose banks because of their apps. For example, my bank doesn’t have any physical branches in my area, so I do everything through the website or app. Remote check deposit through my phone camera, for example.
So, just so I understand: the app, not services, fees, rates, or other financial considerations was a significant factor in your choice of institutions?
May I ask what generation you fall into?