Checking in on some US-based banks.
OnePlus 8T, /e/OS 1.7 (yeah, yeah, I hate having to back up and re-root every update)no safetynet hacks, all downloaded from App Lounge. Also, these results reflect functionality with “Real IP Address” set to “Exposed”, i.e. TOR was disabled in testing. These tests are reflective of the current releases of the respective apps, as of 05 Sept 2023.
Massive caveat: I don’t have accounts at most of these banks (and I’m not indicating which ones I do have), but I figure it’s a start to say “these apps don’t quit on startup or complain about rooting”, which is what I’m going for.
Banks:
Bank of America - no notices or crashes
CapitalOne - no notices or crashes
Chase - no notices or crashes
Chime - no notices or crashes
Citi - ‘rooted device’ notice on start; no crashes
Citizens - no notices or crashes
Santander - no notices or crashes
Sofi - “Something went wrong” after going to login page and exiting Webview; may still work after successful login.
Wells Fargo - no notices or crashes
Credit Unions:
Alliant - “Error - This app cannot be used on this device”.
American Airlines CU - no notices or crashes
Bethpage - no notices or crashes
CPM - no notices or crashes
CU SoCal - no notices or crashes
Golden1 - unsupported on rooted device
iQ - no notices or crashes
Mountain America - no notices or crashes
Navy Federal - no notices or crashes, “enroll in digital banking” produced generic error
Pentagon / Penfed - no notices or crashes, “set up account” had a DNS error
People’s CU - no notices or crashes
SECU (North Carolina) - unsupported on rooted device
Southland CU - no notices or crashes
UW - no notices or crashes; initial login went to site on AdAway block list
Credit Cards:
Visa (Connected Visa) - rooted notice; refuses to run
Mastercard (Mastercard Nearby) - rooted notice; no notices or crashes
Discover (Discover Mobile) - Asks for SU; nags if granted. no notices or crashes
American Express - no notices or crashes
One note about the credit union list is that I started to see a pattern - Southland, Mountain America, iQ, CPM, and People’s (amongst others) all gave me the vibe that they were all written by the same developer due to their similarities. Citi and BofA are big enough to have dedicated programmers, but since the credit unions are smaller and regional, I wouldn’t be the least bit surprised if they all used the same development firm, who copy/pasted the code and just changed some logos / DNS addresses / API keys. I say this because I could easily see changed behavior replicating as a byproduct. If one CU starts demanding safetynet, I’m sure the others will get the change. If one starts crashing, the others likely will too.
Hope this list helps some folks looking for US banking applications!