Mobile banking apps failing security checks
Speaking only for myself:
- /e/ version: 1.21-t-20240323388918-stable-FP3
- Device model(s): Fairphone 3
- Developer mode: initially, then disabled
- Device rooted: no
Summary
Multiple mobile banking apps have just started to reject phones running /e/OS as having 'failed security checks'.
So far this affects:
- Starling Bank (UK)
  - com.starlingbank.android
  - 3.47.0.97816
- AXA Bank (FR)
The problem
Steps to reproduce
- Update banking app to latest version
- Open app
What is the current behavior?
A warning is displayed saying that the device has failed some security checks. At least in the case of Starling, the app remains functional for 14 days at which point the user is locked out. The warning tells the user to factory reset their phone.
What is the expected correct behavior?
Not that.
Other Information
From talking to Starling support:
…please can I double check what operating system you are using at the moment as some people have been having an issue using GrapheneOS and we have raised it to our tech team to look into.
Followed by:
You're seeing this screen in your app because your device hasn't passed our security checks. When using an Android device our app is only compatible with the Original Equipment Manufacturer (OEM) and is incompatible with any custom operating systems.
This is also evidently an issue that recurs fairly regularly:
- #6492 (closed)
- #5659 (closed)
- #2291 (closed)
- #5060 (closed)
- https://community.e.foundation/t/uk-banking-apps-starling-bank-not-working/48740
Solutions
Workaround
- Clear app storage
- Uninstall app
- Install previous version of the app
Possible fixes
- App Lounge should stop offering the latest versions of these apps
- As the issue is affecting multiple apps as well as GrapheneOS users, I would guess that there was a change to an upstream (Google?) library that all of these apps are using and that's what's caused the issues. So perhaps this is a MicroG issue?