
Security updates are a must. Without them it's not a usable device


The fault is not with the bank, but with the vendor of the phone. The hardware is perfectly capable of running newer Android versions, but the phone simply doesn't support them.


This is especially the case with lower end phones. My mother (an immigrant whose family communicates via WhatsApp, and other free services) buys a new phone every year or so because her BoA, or transit app can’t be used without the version of Android that was never released for her phone.

It’s some real “serpent eating its own tail” sh*t if I ever saw it.


Not everyone cares about security updates.


> Not everyone cares about security updates.

OK.

But surely banks ought to. If you care about having a banking app, then you ought to care transitively.


Do they really? All they care about is some particular version of Android (like any other app). I don't think I ever saw any banking app which would check for presence of some particular security updates (not even sure if it's possible).


Right, like the good old "we care so much about security that we blocked rooted devices, but we make no effort whatsoever to check the security patch date" :)


None of my banking apps will work on a rooted phone, so I need to keep a 'clean' Android phone around if I care to use their app. (I don't.)


AFAIK if I use a bank app on an insecure phone, and they stole my money, the bank should give it back to me. Authentication is their job after all.

But it is not much of a problem right now. They definitely try to push people towards more secure and up-to-date systems, but as of now, you still can bank from insecure systems as well, and allow your account to be stolen.


Banks don't care about security. See e.g. credit cards where the numbers are just printed in plain sight for everyone to copy them.


It's supposed to never leave your pocket or your hand. Besides, if someone gets your credit card number and purchases something, you can charge it back. The vendor is supporting the risk, not you.


> It's supposed to never leave your pocket or your hand.

If you buy something in a store, you have no certainty that your CC number doesn't end in the hands of store personnel.

> Besides, if someone gets your credit card number and purchases something, you can charge it back.

You have to keep an eye on it. It is easy to overlook if the amount is small enough.

All in all, I wouldn't call this good security practice.


Banks don't even do 2FA properly. They don't care.


Not everyone cares about using condoms for one night stands. Would you apply the same approach to Windows workstations?


I, personally, do care. But I saw lots of computers with old Windows, like XP, 2003 and so on. At my current work we have dozens of customers with Windows Vista, which causes lots of headaches and significantly limits us with development tools. Well, it works for them, so who am I to judge. All I can see is that not everyone cares about security updates, including Windows workstations which handle quite important data.


> Security updates are a must. Without them it's not a usable device

That belongs on https://twitter.com/shituserstory


Don't be arrogant and wrong at the same time. Not a very good combination.


As a bank customer

I want to buy a new phone when trying to access my money

So that an IT manager at the bank can put a check mark next to a policy OKR



