Like I already wrote, I fully know that it is collecting data, thats why I’m giving it some bogus ones (like for example fake location), and some other valid one (like for example my device id and IP when I use it) that I did agree to give in exchange for protecting my bank account from being hijacked and other.

Other than that it collects nothing more at least nothing active. Why do you ask? Because bank app have background internet access denied so it can only connect to internet when it is in foreground. Yes, it could run some periodical task in background, store that data on disk and send it only when active but that’s something that facebook would definitely do. While I agree that a lot of shitty apps do that, I doubt that bank will try to risk gdpr breach (that would hurt them monetairly in many ways) over some useless data that they could access.

On top od that I have have network traffic monitor always on screen so I see when something is using network and howuch, ans that it stays flat 0 when I use offline apps, that gives me confidence that nothing is actively sending data to network.

And yes, I already once closed my bank account because of a shitty app, so I know what I’m saying.

Those plastic rectangles doesn’t have any security against range extend attacks so they can steal money from you and you would be plain unaware and defenses. While phone or watch will only enable contactless payment on demand making it way safer. And you can pay with contactless payment everywhere in Poland while you sometimes can’t pay with inserting physical card on some automated devices as there is no where to insert that card, you can only use contactless feature of that card.

Not to mention those plastic rectangles cost yearly or sometimes even monthly, while app is 100% free. And if the app at any point in time do anything that I didn’t agree in the agreement and/or bypass any permissions I didn’t grant them there will be hell to pay for them.

But maybe I’m wrong, I don’t know…

I use bank app for contactless payments. But the bank app have no other permissions, even location is fake.

In case of f-droid, it’s follow more the Linux distro phylosopy, where the binaries are build and offered to you not by the developer but by distro/repository maintainers people.

You can add your own repository or use your friend repository or use f-droid ones.

In case od f-droid repository, to get app published your app need to adhere to rules one of them is that the code need to be public so the repo maintainers can build the app from it.

Comparing it to play store where the app is build and sign by the developer without making the code public, in turn making it almost impossible to know and follow what the app is doing.

So its a matter of trust.

For some apps I would rather install them from f-droid as I have higher confidence that someone looked at it if the app is not harmful or leaking my private data. For other apps like Banking apps I would rather install them from Aurora store where I dont know what the app is doing but I trust more to protect my money than some random dude on internet. And if bank does something bad I will sue them or just stop using their service.