Achievement: Latest Unlocked
Reply to: Replace app with custom system?Thursday, October 15, 2020 at 02:06pm
thanks for your response.
I don't think these REST endpoints are applicable to the CrontoSign swiss app. The bank sends a snail mail letter with a visual activation code. When the app scans that code -- even when it's in flight mode! -- it detects that it's a special kind of code and starts the registration flow. That essentially consists of a registration code that the app displayed and that needs to be entered in the bank's web UI. Then, to confirm that the pairing worked, the bank generates a regular login challenge code, the app scans it and generates a response that is again manually entered in the bank's web UI. All of this works while the phone is entirely offline. To me, it looks more like the app has a private key (similar to Google Authenticator) and it just responds to whatever challenges it receives.
My question is essentially: Can I build that app from scratch? And I guess if I can re-build it for Android or iOS, then I could also build it for other operating systems.