HSBC mobile app blocks access when Bitwarden is sideloaded via F‑Droid

TL;DR

Some UK HSBC customers report being prevented from using the bank's Android app after installing Bitwarden from the F‑Droid catalog. HSBC says its app checks for potential malware risks; Bitwarden and F‑Droid say the bank's app appears to be blocking sideloaded installs, though technical details remain unclear.

What happened

Several HSBC mobile banking customers in the UK report being prevented from using the bank's Android app after installing the Bitwarden password manager via F‑Droid, an alternative open‑source app catalogue. Neil Brown, a F‑Droid board member, said HSBC's security screen flagged the sideloaded Bitwarden install and blocked access. Bitwarden is also distributed through official channels such as Google Play and Galaxy stores, but HSBC did not explain to The Register why a sideloaded install would trigger the bank's checks. Representatives from Bitwarden and F‑Droid expressed the view that HSBC's app is carrying out the restriction; Bitwarden's chief customer officer suggested the bank's app can detect apps not installed from Google Play and disallow operation. Suggestions that Play Integrity or third‑party protections like SafeNet may be involved were mentioned but remain unconfirmed. HSBC told the publication it runs checks to identify potential malware risks and may ask users to take additional steps to secure accounts. The parties have not scheduled meetings, according to the report.

Why it matters

• Customers using alternative app stores or sideloading may lose access to banking apps without clear technical explanations.
• Banking apps that detect and block non‑Play installations raise questions about control over Android device software choices.
• Open‑source distributions like F‑Droid could be affected if financial services treat sideloaded apps as a security risk.
• Unclear detection criteria create uncertainty for users who prefer or require non‑Play store installs for privacy or compatibility reasons.

Key facts

• Multiple HSBC UK mobile customers reported being locked out after installing Bitwarden from F‑Droid.
• Neil Brown, a F‑Droid board member, said HSBC's security screen flagged the sideloaded Bitwarden and prevented access.
• Bitwarden is available from Google Play and Galaxy stores as well as via F‑Droid sideloading.
• HSBC declined to give a detailed technical explanation, saying only that the app checks for potential malware risks.
• Bitwarden and F‑Droid representatives believe the restriction is being imposed by HSBC's app configuration.
• Bitwarden's chief customer officer said the bank's app appears able to detect apps not installed from Google Play and disallow operation.
• Theories about Play Integrity or SafeNet involvement were raised in reporting but were not confirmed.
• No meetings between HSBC, Bitwarden and F‑Droid had been scheduled at the time of the report.

What to watch next

• Whether HSBC will provide a technical explanation for its checks and the blocking behavior (not confirmed in the source).
• If HSBC, Bitwarden and F‑Droid arrange discussions or meetings to resolve compatibility or detection issues (not confirmed in the source).
• Any confirmation that Play Integrity, SafeNet, or another third‑party tool is responsible for the detection (not confirmed in the source).

Quick glossary

• Sideloading: Installing an app on a device from a source other than the platform's official app store.
• F‑Droid: An alternative, community‑run app catalogue for Android that distributes free and open‑source software, often via APKs.
• Play Integrity: A Google service used by Android apps to assess device and app integrity; implementations vary by developer choice.
• Password manager: A tool that stores and retrieves passwords and other credentials, often secured by a master password or encryption.

Reader FAQ

Why did HSBC block access after Bitwarden was installed from F‑Droid?
Not confirmed in the source.

Is Bitwarden considered unsafe by HSBC?
Not confirmed in the source.

How can affected users regain access to HSBC's mobile app?
The report quoted a F‑Droid board member suggesting workarounds such as using a separate device, using a separate user profile on the phone, or accessing services via the provider's website, but no official HSBC remediation steps were provided.

Will this affect other banks or apps?
Not confirmed in the source.

SECURITY HSBC app takes a dim view of sideloaded Bitwarden installations Customers report being locked out after grabbing the password manager via F-Droid Connor Jones Wed 7 Jan 2026 // 10:13 UTC Some HSBC…

Sources

• HSBC app takes a dim view of sideloaded Bitwarden installations

Related posts

• Researcher says HackerOne ignored him for months over $8,500 bounty
• Why is the Gmail app so large on iPhone — a look at its 700+ MB size
• Ledger confirms customer data accessed in Global-e e-commerce breach