33 comments

[ 0.26 ms ] story [ 49.7 ms ] thread
probably because bitwarden has a permission to overlay other apps and HSBC thinks it's malware stealing your access to your bank
We can't let banking apps invade our property.. things like banking apps need so much control in order to be secure that they need to exist on dedicated devices.
I thought Google removed the API that let you see other apps on the device. Maybe there's another API I'm not aware of though
It will not work either if you have developer mode enabled.

These things HSBC app does, I think it's overreaching

That's Google's SafeNet. HSBC picked a level that causes this. Google manages the blacklist of apps.

We are rapidly losing our freedoms to the will of these companies. If they decide they don't want to they can even if the law doesn't forbid it.

People in Switzerland and the EU are being de-banked by local banks because of US pressure allowing them to force any bank that wants to use USD. The US has started to sanction people for free speech resulting in de-banking.

Swiss law requires one bank (Postfinance) to offer banking irregardless but if you are sanctioned you can't use the wire system, no other currencies, no credit cards and you cant use Twint either so it's in effect useless. You can't pay for your health insurance or rent.

Ditch apps on your phone and pick banking that gives good, robust online banking. I was cut off by Starling for something similar and had to choose between a factory reset of my phone and my bank. I explained that my phone had free software on it, some of which I'd written, and it made no difference.

Apps are a tool of control and surveillance and it is time we stopped tying ourselves to them. Dumb phones or degoogled operating systems (like e/OS/) are probably the answer here.

My wife has tried to use a flip phone just for nostalgia's sake and she has a newer phone that supports android 14 (technically android go 14) and thus should work with most basic apps. However, one of her banking apps refuses to work claiming an app is screensharing (the POSB bank app thankfully identifies it as the "android system" app.) likely what is occuring I think is the second screen is drawn using some sort of thing that is reported as screen sharing, that POSB thinks could be malware.

Of course, asking POSB for help has lead to nothing being done. By and large the biggest threat to people finance wise in singapore isn't malware but are scams (what is called "pig butchering" in America is rampant here) whilst malware is always a threat sometimes I feel like just refusing to function is problem due to overzealous viligiance to a low probability threat.

Plenty of UK banks that don't require this, and whose apps will also work on a rooted device. Monzo will display a warning that sets out the fact there's an increased risk, and then lets you be an adult and choose to continue to use the app if that's what you want to do.

The best part is that the Current Account Switching Service makes it very easy to make the jump from a legacy bank like HSBC.

It's worth trying to work around this by creating a work profile to isolate the apps.
Tangentially related, but some banking apps also implement their own in-app keyboard in their password fields, making password manager unusable and basically forcing me to use a easy to remember (to guess) password.
HSBC is also one of few apps that dont let you use it with iPhone Mirroring.
Most banks do this, they won't let the app run if you have developer mode turned on as well, even if you're not using it for root (or anything else in the developer menu)
HSBC is on my list of the worst bank anyway. Just connecting to their online banking portal you feel like throwing up!
At least now it should be pretty easy for any tech person to patch apk removing this check
Isn't it funny how most banking apps do all this borderline malware crap, yet most banks also have online banking that you use through a web browser that they have no technical means of "trusting"?
Never use a banking app on a phone especially since internet banking websites exist.
HSBC still operate a perfectly functional website for banking.

The more people who continue to use this, the better. It sends a clear signal that customers prefer the open web over restrictive and inconvenient mobile apps.

I’m also hanging on to my bank’s physical RSA fob as my 2FA, instead of using their app based version.

I switched away due to HSBCs final straw for me being blocked due to not using the phone built in keyboard.

Apparently using an open source keyboard runs the risk of my keypresses being shared with a 3rd party. Unlike Googles keyboard?

I recently came across Open Web Advocacy (OWA) who summarize my mobile-platform concerns well. They "advocate for the future of the open web by providing regulators, legislators and policy makers the intricate technical details that they need to understand the major anti-competitive issues in our industry and how to solve them."

Their top 3 priorities:

1. Apple's ban of third party browsers on iOS is deeply anti-competitive

2. Web Apps need to become just Apps. Apps built with the free and open web need equal treatment and integration. Closed and heavily taxed proprietary ecosystems should not receive any preference.

3. All artificial barriers placed by gatekeepers must be removed. Web Apps if allowed can offer equivalent functionality with greater privacy and security for demanding use-cases.

Website: https://open-web-advocacy.org/en/