HSBC app takes a dim view of sideloaded Bitwarden installations
Some HSBC mobile banking customers in the UK report being locked out of the bank’s app after installing the Bitwarden password manager via an open source app catalog.
Neil Brown, board member at F-Droid, said he was blocked from accessing HSBC’s UK mobile banking after a security screen flagged Bitwarden as a risk. Brown had installed the password manager via F-Droid rather than Google Play.
Bitwarden, an open source password manager, is available through official channels including Google Play and Galaxy stores, as well as via F-Droid sideloading.
HSBC didn’t provide The Register with a clear answer on why it won’t allow a sideloaded Bitwarden installation to coexist with its app on the same device.
Representatives from both F-Droid and Bitwarden suspect the issue stems from HSBC’s side.
Gary Orenstein, chief customer officer at Bitwarden, told us: “It seems that HSBC has chosen a level of security and permissions for their mobile app that allows the HSBC app to see if there are other apps on the phone not installed from the Google Play store, and if one is found, to disallow the install of the HSBC app.”
Brown said that “as far as I know, this is a decision taken by HSBC unilaterally,” and the issues are not caused by F-Droid itself.
Some have opined that HSBC configured its app safety controls, Play Integrity, to forbid operation in such cases, although this remains unconfirmed.
“In terms of the technical details, I do not know,” Brown told us. “It could be down to SafeNet, but I do not know for sure. There might be technical workarounds, such as using banking apps within a separate profile on the device. Or – not ideal, because of the increased cost for the user – using a separate physical device for banking apps.”
“My approach, driven by me testing postmarketOS, is to switch back from using apps to using the provider’s website.”
HSBC’s response gave little away. A spokesperson said: “Protecting our customers’ accounts and personal information is our priority. Our app performs checks to identify potential malware risks and can require users to take additional steps to keep their accounts safe.”
Both Bitwarden and F-Droid said they are open to discussing the matter with the bank, although we understand no meetings have yet been scheduled. ®
