Platform was Android 4.x Samsung Note 4 rooted.
Titanium Backup was used for hacking.
I cooperated with the Swedish company Finansiell Bank-ID AB, the developer and maintainer of the product.
The backdoor was corrected by eliminating Android 4.x as accepted OS, demanding at least Android 5.x and using TPM.
Well, it was sufficient for almost 1 year, until now.
Test platform was Android 6.x Samsung Note 4 rooted and Android 8.x Motorola G6 Plus rooted.
Swedbank latest version Android app and Finansiell Bank-ID latest version Android app.
Test was done today 2018-10-10, against Finansiell Bank-ID auth server.
A special modified TWRP recovery was the "tool".
It seems that new security demands must be asked and following the actual trend:
- SuperSU sold to bogus "chinese" company in USA and abandoned developing
- SuperSU totally eliminated from Google Play
- Huawei no-longer giving bootloader unlocking codes
It seems that it will be a harsh race between Rooting a device and using that device for banking operations or digital authentication.