> I find it disturbing that any app can examine your device in this much detail.

When I did a tiny bit of Android development a few years ago, I was astonished how free the app I made was to just examine the file system. I assumed it would be like the web, where each website can have its own little SQLite database and cookie store equivalent, but that's it. I don't know if it's changed, or if it was just because I was in a "dev mode" somehow, but that was very surprising.

You could try getting them to give you a physical security key, they used to supply them and I think still will if you can't use the app (just say it doesn't work on your phone). I have one and the website still works with it.

The HSBC app runs fine on my rooted phone with a few magisk plugins and 5 marketplaces installed and a ton of sideloaded apps.

It used to let you use it with a full-on rooted phone, it just popped up a message saying 'it's not our problem if you get robbed'

i wonder what caused the change

as others have said, you can ring them up and get a physical security key, it works for the website

Do you happen to remember which bus company this was? Is there any article you can link me too as I’m quite interested in reading some more on it.

The app works for me just fine despite having lots of non-google play apps installed, is this an Android 15 thing?

Kind of ironic since you can't easily export data as an end user without some friction

The HSBC UK app runs perfectly well on my Android phone, including full biometrics, 2FA for the website and for major functionality like transferring money.

I have at least a dozen apps installed on my phone that are not from the Play Store - a mixture of other stores (Samsung/Epic) and apps that are not from any store but I've compiled myself, or downloaded APKs directly from the developer website.

This isn't true.