Server side secure banking in India?


India specifically has an approach of client side encryption, which for banking/payments is not necessary at all. Nothing is stored client side on an app, or a browser, so why do you need client side security?

If I am rooted, using Magisk, Shizuku or whatever on my phone, why would it matter to you as a bank? If your server side encryption is ON, robust, working, and is there, then you have nothing to worry about. You anyways prohibit snapshots, recents get blurred; so, why the heck do you force us to use your senseless apps which should in the first place not be reading what I have installed, or which app is using which feature on my phone? This is a privacy breach, no safe space for me, and you are violating my constitutional rights, all in one go.

All Indian banking and UPI apps force you to not have #accessibility turned on (even though they f'ing use it themselves); no #root; no #bootloader-unlocked (seriously, you are snooping to kernel level!!!); no #developer-mode on; no #debugging mode on; no 3rd party #keyboards (reason: they snoop, and foogle does not snoop? The first thing foogle keyboard does is share your typing data to its servers); only keyboards in /sys/priv & /sys/priv-apps are permitted. What nonsense... What are you trying to hide that debugging will reveal, or any of these will reveal? You have closed-sourced your code, you do everything behind a paywall, and you stink!

#indianbankingapps; #hsbc; #bob; #sbi; #hdfc; #icici; #bhimupi & rest of #illiterate-developers

Ref: RBI_Circular (PDF)