Jailbroken phones unable to open banking apps from march 1

Phones that have been jailbroken, a common practice for grey-market imports, will no longer be able to access mobile banking applications starting march 1, in adherence to new security standards.

Circular 77 from the State Bank of Vietnam (SBV), effective early next month, outlines specific scenarios where mobile banking applications will be inaccessible. Banking apps will cease to function on modified devices, including those that are rooted (Android), jailbroken (iOS), or have an unlocked bootloader. These devices will be prevented from using mobile banking services.

Rooting, jailbreaking, and unlocking the bootloader are terms for intentionally circumventing security measures established by device manufacturers. Rooting on Android grants users the highest level of control, allowing them to modify system files, remove default applications, or alter the core interface. Similarly, jailbreaking on iOS removes Apple's software restrictions, enabling the installation of applications from unofficial sources.

Unlocking the bootloader involves accessing the deepest hardware layer, which permits the installation of custom operating systems, also known as custom ROMs. A device with an unlocked bootloader essentially disables its initial layer of security from the moment it is powered on.

These modifications compromise a device's inherent defenses, making it easier for malware to infiltrate banking applications and steal sensitive information. Furthermore, malicious actors could record screen activity, hijack camera controls, or spoof fingerprint and facial authentication without the user's awareness. Modified devices also frequently miss official security updates, rendering them highly vulnerable to various viruses and spyware.

In practice, phone modifications are not always driven by user demand; often, they are performed by sellers, particularly for grey-market imported devices. Domestic Android models, for instance, typically lack Vietnamese language support, do not include standard app stores, and may experience delayed notifications. To address these issues, retailers frequently root these devices to install international operating systems.

For network-locked iPhones, retailers commonly jailbreak devices to resolve issues with contacts, messages, or to enable the use of interposer SIMs. While alternative methods now exist that do not require such modifications, a substantial number of older devices still have modified systems. Furthermore, these devices often avoid updating to newer operating systems, which severely compromises their security.

Main interface of a mobile banking application on a phone. Photo: Tat Dat

Moreover, banking applications will automatically cease functioning if they detect a device is connected to technical support tools, such as a debugger or an ADB communication port with a computer. These connections act as "backdoors," enabling deep intervention or remote control of the phone from a computer, thereby creating vulnerabilities that malicious actors can exploit to seize control of transactions.

Concurrently, mobile banking will also be incompatible with "emulated" environments or virtual machines running on computers. These non-physical devices inherently lack robust hardware security layers, making them highly vulnerable to automated mass attacks by hackers. Crucially, the new regulation also directly targets applications with repacked source code or those injected with tracking code (hook) for the purpose of data theft.

To prevent transaction disruptions, customers must proactively verify their device's status and remove any root, jailbreak, or unlocked bootloader configurations. Furthermore, customers are required to update their banking applications to the latest version, whether activating on a new phone or reinstalling the service, to comply with the new security standards.

Tat Dat

By VnExpress: https://vnexpress.net/dien-thoai-be-khoa-khong-the-mo-ung-dung-ngan-hang-tu-1-3-5040604.html