• j4k3@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    What is this about a mobile app? I’ve half considered running steam, but I’m on Graphene, don’t want anything google, and don’t want anyone’s apps, and especially anything with network access. Requiring anything on mobile is ridiculous nonsense to me.

    Android is designed so that users can be completely ignorant of security and OS best practices. They do this by making every app developer the equivalent of a full user on the device. Even with a ROM like Graphene, Android is on untrusted hardware. Asking me to place any app on my device is like asking to make them my roommate and live in my house. Maybe people are cool with that, or enjoy the feeling of their head in sand. I imagine most are simply ignorant of what I am talking about and how the system works in the real world.

      • bountygiver [any]@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        3 months ago

        yup they need the mobile app specifically because there was trade frauds happened before, with cs items that costs hundreds. They can’t just go with using a normal TOTP because the mobile app is also a 2 factor approval for every single trades you are attempting to make.

        I think you can go without mobile app and use only e-mails, but it will cause the items to be held for days which people who trade frequently will not want to trade with you as their inventory moves fast.

    • CaptainBasculin@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      About forcing their app, while it’s not necessary (you can use mail guard or extract the OTP key to run just the OTP generation); the improvements it makes to account security is top notch. I have a 2007 dated Steam account that had its username password combination leaked way back when i used the same username password combo everywhere. After setting up Steam Guard; I never had to change anything off of it. It used to just generate OTPs with its app; now it also shows where were login attempts made to your account, occasionally I get “yo this random fuck from China tried to login your account; is this you” notifications on my phone which i can pretty much ignore.

      My old accounts on other platforms have really different stories, but on none of them i was able to call the account safe without changing its credientials at all.