You assume there is a “less shit bank”. Not everywhere is like the USA with a wide choice of banks. In some countries the banking landscape has, through mergers, become limited to just a few choices, and they all require SafetyNet attestation for their phone apps.

"voting makes no difference" is one of those rules which apply really well to the individual, but if you apply them to a larger group of people, they become wrong.

You would be trading one kind of "shit" for a much more real and serious kind of shit - at the new bank, you'd either be more likely to get your account drained in ways that are hard to reverse, or you'd be forced back to using dedicated hardware smartcard readers of the type that were common before mobile apps became widely used (at least were common in Europe).

If your bank account gets drained and you'd made a big song and dance about how you selected that bank specifically because it had less security on its mobile app, well, nobody will have any sympathy for you.

If your bank is equally secure but uses dedicated hardware devices instead of smartcard readers, then all you did is swap one bit of secured hardware for another, making your life less convenient and in return for what?

A bank has to know it's communicating with the real human who owns the account and not a hacker. It's going to achieve that one way or another. You'd be much better off accepting the tech and finding ways to achieve your goals within it, like by setting up a project to maintain whitelists of known good/secure OS builds. You can then make libs that wrap SafetyNet and eliminate the false positives. Even if banks don't start using it anytime soon, other smaller companies might and it's a place to start. Of course the fact that virtually nobody cares about custom operating systems to begin with is the biggest hurdle you'd face, not the tech or business requirements, but that is partly on the OS developers. You can't complain nobody cares about if you're not giving anyone a reason to care.

You use the word “forced” like it’s a problem? I hated it when my bank got rid of a nice secure card reader (which required my physical card and pin).

If my phone breaks or is stolen, I can’t actually buy a replacement phone now, as that requires spending money, which requires 2FA which requires my phone.

Keep a few dozen $100s on hand for when payment networks glitch out.

You don't have a contactless credit card from your bank?

Can’t use it online with 2FA from phone

> That same logic says you should not vote either.

Indeed.

> If even some 10-20% of IT professionals (with salaries to match) up and leave for a less shit bank, trust me, they will care.

That's an impossible number of people to coordinate on something like this, and even if, I doubt banks would care. There exist no less shit banks, and retail is a rounding error anyway.

Banks aren't shit because of incompetence or a not-give-a-damb attitude. They're shit because it makes them more money, both directly and by reducing risks.

No, that logic says you can vote or you can not, it makes effectively zero difference.

I always vote the local issues. For the national bozos I can leave it blank, which is "none of the above".