Let’s say, I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other —, then just OSS). Am I going to be behind the competition by doing this?
If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank’s apps by publicizing it?
Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?
EDIT: Clarifying question: Is there a technical reason they don’t publicize their code or is it just purely corporate greed and nothing else?
If your software makes your clients’ life easier and your internal operations cheaper/faster/whatever, it’s a competitive advantage. Why would you give it away? Corporate greed or healthy competition, I suppose, depending on your point of view.
Why does any company ever undercut the competition by offering something more attractive?
Bank A makes their customer’s lives easy/convenient, but forces them to bend over and install freedom-disrespecting spyware. If bank B wants to take some of Bank A’s market share (healthy competition), they produce an app that is equally convenient but respects freedom.
Healthy competition is not in play here. Banks are highly skiddish and risk adverse. The US has over 6000 banks yet US consumers experience very little diversity between them. They’re all basically the same because in when money is on the line no one in the finance industry wants to gamble with doing something different or original. They copy each other and produce shitty websites. Even the website software is outsourced primarily to a few different suppliers.
Even before smartphones existed, I was disturbed that if I wanted an electronic statement, I was forced to login to a website manually and do a lot of clicking. Fuck manual labor. They called that “electronic delivery”. But it wasn’t delivery; it was pick-up. I want my statements like I want my pizza: delivered. It’s been possible to email PGP-encrypted statements since the 1990s, but no banks in the US do it. I think just one bank in Germany did it. But in the US no bank wants to try something different because if they succeed, other banks will copy them anyway. So they only put their neck on the line with risk only to have the benefit of the success be exploited by the competition who avoided taking risk.