 How will android developer mode breach bank app?

TSParadigmata
post Mar 3 2025, 04:26 AM, updated 9 months ago

Casual
***
Junior Member
345 posts

Joined: Aug 2021
Now I see my PB bank and MAE apps gave such a warning.

How can developer mode and USB debugging mode breach bank app security?
MrBaba
post Mar 3 2025, 04:29 AM

Look at all my stars!!
*******
Senior Member
2,506 posts

Joined: Apr 2020
QUOTE(Paradigmata @ Mar 3 2025, 04:26 AM)
Now I see my PB bank and MAE apps gave such a warning.

How can developer mode and USB debugging mode breach bank app security?
*
You're like putting your wallet in places where everyone can see and access it, then acting like shocked Pikachu when your wallet gets stolen.
SUSipohps3
post Mar 3 2025, 06:11 AM

Regular
******
Senior Member
1,974 posts

Joined: Dec 2011



If you use Samsung, you can use Samsung Knox.
p4n6
post Mar 3 2025, 06:24 AM

Look at all my stars!!
*******
Senior Member
5,968 posts

Joined: Jan 2003
From: KL, Malaysia
Maybe it is used by scam apps to read certain details, like for key logging to work…
wchinwai
post Mar 3 2025, 07:25 AM

Casual
***
Junior Member
429 posts

Joined: Jun 2005
From: Cyberjaya


Buy another phone lah...haha
scar_face008
post Mar 3 2025, 08:24 AM

opis boi
****
Senior Member
590 posts

Joined: Jan 2007
From: Ranau, Sabah


Last time the Bank Rakyat app also refused to log in when it detected dev mode. Only CIMB doesn't mind, but that shitty app is in a league of its own.

As the name implies, developer mode is for developers to test and modify the system. For the normal mode of operation, any admin rights or modification to the system should not be allowed at all. Otherwise, rogue apps can potentially exploit them. In short, they are a potential security risk.

the most risky element is still the user 🤣 PEBKAC
WhatMan
post Mar 3 2025, 08:34 AM

Regular
******
Senior Member
1,623 posts

Joined: Oct 2010


QUOTE(Paradigmata @ Mar 3 2025, 04:26 AM)
Now I see my PB bank and MAE apps gave such a warning.

How can developer mode and USB debugging mode breach bank app security?
*
USB debugging is like leaving your house kitchen door unlocked. Don't risk it.
ahhann
post Mar 3 2025, 08:48 AM

Lim Peh
****
Senior Member
545 posts

Joined: Mar 2006
From: The Weirdo River O_o


Keyword = USB. Don't plug into unknown charging ports, always use your one factory-supplied charger, and don't install apps from outside the Play Store. You will be fine. I've been using dev mode on Android for the past 10 years, still safe.
kelvinng92
post Mar 3 2025, 09:50 AM

New Member
*
Newbie
30 posts

Joined: Oct 2011
QUOTE(MrBaba @ Mar 3 2025, 04:29 AM)
You're like putting your wallet in places where everyone can see and access it, then acting like shocked Pikachu when your wallet gets stolen.
*
QUOTE(WhatMan @ Mar 3 2025, 08:34 AM)
USB debugging is like leaving your house kitchen door unlocked. Don't risk it.
*
Actually, I disagree with this example; even if USB debugging is enabled, you still need to trust the device first to access it, so there is still one more security layer to go through.

QUOTE(Paradigmata @ Mar 3 2025, 04:26 AM)
Now I see my PB bank and MAE apps gave such a warning.

How can developer mode and USB debugging mode breach bank app security?
*
Developer mode is usually not the issue, but rather USB debugging/wireless debugging; some developers just simply choose to check for developer mode instead of blocking the specific feature.
I would say it's for prevention and to cater for "don't know what they are doing" people, and this affects legit users. Banks probably use OWASP MASTG as a guideline.
- to reduce the attack vector (to the bank app or the user).
- harmful / unknown-source apps can still trick the user into making it a trusted device.
- someone has access to your unlocked device and installs harmful apps.
- if there is a new exploit to bypass trusted access.
- an unknown charging/USB port that tries to gain trusted access, and some people will just simply click trust because it disturbs what they are doing and they don't know what it is.
- unauthorized screen mirroring/remote/key-logging (after gaining trusted access).
- and probably more
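
The distinction drawn in the post above, between checking for developer options and checking for USB debugging itself, as an added Kotlin example (not part of the thread and not any bank's actual code). `DebugPosture`, `Action`, `debugPosture` and `actionFor` are hypothetical names, the warn/block policy is an assumption, and wireless debugging is not covered.

```kotlin
import android.content.Context
import android.provider.Settings

// Hypothetical names for illustration; not taken from any bank's app.
enum class DebugPosture { NORMAL, DEV_OPTIONS_ONLY, USB_DEBUGGING_ON }
enum class Action { ALLOW, WARN, BLOCK }

// Reads a 0/1 flag from Settings.Global; a missing key counts as off.
private fun globalFlag(context: Context, key: String): Boolean =
    Settings.Global.getInt(context.contentResolver, key, 0) == 1

fun debugPosture(context: Context): DebugPosture {
    // Developer options switch: the coarse check, which also catches users
    // who only changed animation speed.
    val devOptions = globalFlag(context, Settings.Global.DEVELOPMENT_SETTINGS_ENABLED)
    // USB debugging (adb) switch: the specific feature that lets a connected,
    // trusted computer control the device.
    val usbDebugging = globalFlag(context, Settings.Global.ADB_ENABLED)
    return when {
        usbDebugging -> DebugPosture.USB_DEBUGGING_ON
        devOptions -> DebugPosture.DEV_OPTIONS_ONLY
        else -> DebugPosture.NORMAL
    }
}

// Assumed policy: block only on the specific feature, warn on the coarse one.
fun actionFor(posture: DebugPosture): Action = when (posture) {
    DebugPosture.USB_DEBUGGING_ON -> Action.BLOCK
    DebugPosture.DEV_OPTIONS_ONLY -> Action.WARN
    DebugPosture.NORMAL -> Action.ALLOW
}
```

Both values are read on the client, so they are a signal about device state rather than a guarantee.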

yeeck
post Mar 3 2025, 11:03 AM

Look at all my stars!!
*******
Senior Member
3,573 posts

Joined: Apr 2006


It looks like the myPB bank app also thinks the apps/updates installed by the phone maker via regular OS updates (but not via Playstore) are red flags. Hint...Oppo. Not sure about other phones but should be the same.

This post has been edited by yeeck: Mar 3 2025, 11:04 AM
ineser
post Mar 3 2025, 11:31 AM

Regular
******
Senior Member
1,068 posts

Joined: Oct 2009
From: Kuching, Sarawak
QUOTE(yeeck @ Mar 3 2025, 11:03 AM)
It looks like the myPB bank app also thinks the apps/updates installed by the phone maker via regular OS updates (but not via Playstore) are red flags. Hint...Oppo. Not sure about other phones but should be the same.
*
Same for my POCO phone.
SUSpetpenyubobo
post Mar 3 2025, 11:32 AM

Regular
******
Senior Member
1,030 posts

Joined: Jan 2022

QUOTE(Paradigmata @ Mar 3 2025, 04:26 AM)
Now I see my PB bank and MAE apps gave such a warning.

How can developer mode and USB debugging mode breach bank app security?
*
Why do you turn on your developer mode permanently, TS?

Can't you just turn it off under settings, developer options and only enable it when you need to do debugging?
SUSpetpenyubobo
post Mar 3 2025, 11:42 AM

Regular
******
Senior Member
1,030 posts

Joined: Jan 2022

QUOTE(yeeck @ Mar 3 2025, 11:03 AM)
It looks like the myPB bank app also thinks the apps/updates installed by the phone maker via regular OS updates (but not via Playstore) are red flags. Hint...Oppo. Not sure about other phones but should be the same.
*
They do that because they want to force install their malicious apps in your phone and don't want you to remove them on purpose. Some of these telemetry apps even steal your surfing habits, data which you use daily and many of your personal inputs, reporting them back to the manufacturers' servers, claimed to be for improvement purposes.

It actually works both ways.

Those ad blocker apps actually do you good but the content ad-tracking companies such as Google and Meta don't like you blocking their ads for loss of revenues. So they include those apps as illegal/security risks tools in their security patches.

Knowledgeable users of course know what they're doing, those ad-blocking/telemetry apps are not security risk apps but are revenue loss to Google/Meta.

But why do you think these corporations include them as illegal risky security apps under their security patches?
a13solut3
post Mar 3 2025, 11:49 AM

Whiner FTW!
******
Senior Member
1,757 posts

Joined: Mar 2007
From: _|_

On my in-law's phone, dev mode is not even on and it still keeps triggering this issue.

The only way for me to bypass this is to turn dev mode on and off again.

Then it will appear again after a week or two, at random intervals.
shinichi88
post Mar 3 2025, 11:55 AM

Holy Crusader
*****
Senior Member
982 posts

Joined: Sep 2005
From: Selangor
Technically speaking, the developers for the bank don't want to risk anything.
Having the app installed from an official store (Play Store / Huawei Store / Samsung Store) is the only best bet they can trust for security.

Usually those apps that contain malicious intent / trojans will get flagged and not be able to publish in an official store. Unless it is so new that it is able to go under the radar.. "happened before".

Having developer mode on is not an issue, as I'm using it to change some settings on the phone, e.g. Animation / Transition Speed.

USB Debugging Mode is the real backdoor.

In order to use USB Debugging Mode, developer mode needs to be turned ON.
So to say, the developers for banking apps are just playing it safe below limit.

*Some banking apps did flag some apps installed from Samsung Store / Huawei Store.. the developers need to do better filtering, or there's no API to check that*

This post has been edited by shinichi88: Mar 3 2025, 12:01 PM
kelvinng92
post Mar 3 2025, 11:55 AM

New Member
*
Newbie
30 posts

Joined: Oct 2011
QUOTE(petpenyubobo @ Mar 3 2025, 11:42 AM)
They do that because they want to force install their malicious apps in your phone and don't want you to remove them on purpose. Some of these telemetry apps even steal your surfing habits, data which you use daily and many of your personal inputs, reporting them back to the manufacturers' servers, claimed to be for improvement purposes.

It actually works both ways.

Those ad blocker apps actually do you good but the content ad-tracking companies such as Google and Meta don't like you blocking their ads for loss of revenues. So they include those apps as illegal/security risks tools in their security patches.

Knowledgeable users of course know what they're doing, those ad-blocking/telemetry apps are not security risk apps but are revenue loss to Google/Meta.

But why do you think these corporations include them as illegal risky security apps under their security patches?
*
I think you are misunderstanding this; he means the bank apps check for apps that were not installed from Google Play Store, but some Chinese phone manufacturers (Xiaomi, POCO, Oppo, etc.) come with preloaded apps that are not downloaded from Play Store.

As for the Android developers, usually many of them are either iPhone users or use Samsung etc., and the company didn't provide a variety of phone brands to test on or any cloud device service. The developers will need to whitelist those preloaded apps if they are implementing this mechanism.
SUSpetpenyubobo
post Mar 3 2025, 11:56 AM

Regular
******
Senior Member
1,030 posts

Joined: Jan 2022

Why do you think Chrome intentionally blocked plugins such as uBlock a few months back?

Are they actually improving your security by not allowing you to block their ad-trackers? Or they are actually trying to protect their own revenues/interests?

People need to have some common sense.

The devil will not tell you that he's feeding you poison, he will say this is nourishment for you to take regularly and so are their security patches which will block you from taking away their revenues.

Get it?


SUSpetpenyubobo
post Mar 3 2025, 12:20 PM

Regular
******
Senior Member
1,030 posts

Joined: Jan 2022

QUOTE(kelvinng92 @ Mar 3 2025, 11:55 AM)
I think you are misunderstanding this; he means the bank apps check for apps that were not installed from Google Play Store, but some Chinese phone manufacturers (Xiaomi, POCO, Oppo, etc.) come with preloaded apps that are not downloaded from Play Store.

As for the Android developers, usually many of them are either iPhone users or use Samsung etc., and the company didn't provide a variety of phone brands to test on or any cloud device service. The developers will need to whitelist those preloaded apps if they are implementing this mechanism.
*
There was once when I used an ad-blocker on my phone and those banking apps wouldn't load. I think it's still happening occasionally..

What does that mean? Our online bank portals have been known to use malicious domains that are being abused by ad trackers?

Do the banks prefer you to receive malicious ads and are encouraging you not to install ad-blockers for "their" security reasons of protecting their ads revenues side businesses?
kelvinng92
post Mar 3 2025, 01:13 PM

New Member
*
Newbie
30 posts

Joined: Oct 2011
QUOTE(petpenyubobo @ Mar 3 2025, 12:20 PM)
There was once when I used an ad-blocker on my phone and those banking apps wouldn't load. I think it's still happening occasionally..

What does that mean? Our online bank portals have been known to use malicious domains that are being abused by ad trackers?

Do the banks prefer you to receive malicious ads and are encouraging you not to install ad-blockers for "their" security reasons of protecting their ads revenues side businesses?
*
I think your reply is already off topic and not relevant; I suggest you reread what he said again.

1. The Public Bank app flagged one of his installed apps as a red flag (which most likely means from an unknown source or not from Google Play Store)
2. The apps were actually pre-installed or downloaded through the OS update from Oppo (could be Oppo Camera/Gallery apps or whatever, I'm not sure as I'm not using Oppo), but the Public Bank app only checks for apps that were installed/downloaded from Play Store, which disqualified these apps.
3. I didn't use Public Bank, so I assume the user was blocked from using the Public Bank app.
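
The installer-source check discussed in the posts above, together with the exemption for preloaded apps that the earlier post says developers need to add, as an added Kotlin example (not part of the thread and not any bank's actual code). `TRUSTED_INSTALLERS`, `installerOf`, `isPreloaded` and `flaggedPackages` are hypothetical names, and the store package names are an assumed allowlist to verify for each market.

```kotlin
import android.content.pm.ApplicationInfo
import android.content.pm.PackageManager
import android.os.Build

// Assumed allowlist of store installers (example values, verify per market).
val TRUSTED_INSTALLERS = setOf(
    "com.android.vending",              // Google Play Store
    "com.sec.android.app.samsungapps",  // Samsung Galaxy Store
    "com.huawei.appmarket"              // Huawei AppGallery
)

// Package name of whatever installed `pkg`, or null if unknown.
@Suppress("DEPRECATION")
fun installerOf(pm: PackageManager, pkg: String): String? = try {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        pm.getInstallSourceInfo(pkg).installingPackageName
    } else {
        pm.getInstallerPackageName(pkg)
    }
} catch (e: PackageManager.NameNotFoundException) {
    null  // package removed between listing and lookup
} catch (e: IllegalArgumentException) {
    null  // same race on the pre-Android 11 API
}

// True for apps shipped in the system image, including their updates.
fun isPreloaded(app: ApplicationInfo): Boolean =
    (app.flags and (ApplicationInfo.FLAG_SYSTEM or ApplicationInfo.FLAG_UPDATED_SYSTEM_APP)) != 0

// Packages that are neither preloaded nor installed by a trusted store.
// On Android 11+ the list only covers packages visible to the caller
// (<queries> in the manifest or the QUERY_ALL_PACKAGES permission).
@Suppress("DEPRECATION")
fun flaggedPackages(pm: PackageManager, self: String): List<String> =
    pm.getInstalledApplications(0)
        .filter { it.packageName != self }  // do not flag the checking app itself
        .filterNot(::isPreloaded)           // the exemption a store-only check lacks
        .filter { app ->
            val installer = installerOf(pm, app.packageName)
            installer == null || installer !in TRUSTED_INSTALLERS
        }
        .map { it.packageName }
```

Without the `isPreloaded` filter, every manufacturer app with no store installer recorded would be flagged, which matches the false positives reported for Oppo and POCO phones in this thread.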
rooney723
post Mar 3 2025, 01:49 PM

On my way
****
Junior Member
596 posts

Joined: Dec 2010

I use dev mode to remove the stock system animations; all my Android devices load and transition between apps very smoothly without the stock animations.
