bunq: A bank failing to give customers access to their account because of <random reason here>

So ever since I arrived in the U.S., I rarely used my iPhone, because it would be too expensive with my German contract. Now, after a while, I took an offer from a local carrier just to find out that my old phone is not compatible with American LTE bands. Not willing to spend another $800 on a phone, I decided to sell my old iPhone and replace it with a OnePlus 3. I set it up and downlaoded apps of all my bank accounts and services I used in Europe.

All of them? No! It turns out, bunq does not offer the App through the Play Store when your Play Store Region is set to America. I contacted Support so let me paraphrase: “It is so we don’t confuse Americans who can’t use the Service right now”. This statement is utter bullshit, because bunq offers the App in the American [iOS] App Store. I just verified that with an iPhone whose owner has never left the States. On top of that, even small regional banks like the Sparda Bank are offering their apps worldwide – for a good reason!

I got on their forum to ask for either them to release the App or provide me with a link to download the .apk directly, to receive this answer:

Due to security reasons we don’t share our APK apart from in the Google Play Store.

WTF? Are you kidding me? Offering the app directly does not make anything less secure. In fact, not offering the app puts their users at risk because customers might use third party download sites to download the app – who might repackage it and include a little extra. I supposedly downloaded the same app from two different sites, yet they are two different files. At least one of them was tampered with.

4f18c6aee[...]cc9e5d5b7ae54f630959b bunq_3.2.3_apk-dl.com.apk
a1f088fe5[...]4d9e74ea2fadfbfd2c1de com.bunq.android-3.2.3-apk.plus.apk

So bunq. If you want to make things “more secure”, release your .apk and the corresponding sha256/512 hashes along with it.

To this moment, I have no longer access to my account and can’t make payments or review direct debits. I will update once bunq has chosen to release the app either to the U.S. Play Store or release the .apk files on their website.

Update (jumping through hoops): Luckily and unexpectedly, the bunq slice app is available worldwide (facepalm!). You can download this through the Play Store and compare the signature of a third party download of the bunq app with the slice app. This way it is possible to verify a file obtained through shady sources. I will post a howto in a couple days, should bunq not release their app. Let’s just hope they don’t pull the slice app instead.

Update 2:

Good news! We’ve released our Android app worldwide, just like our iOS app!

The remaining question is, why that didn’t happen straigt away and I had to blog and tweet first. But all’s well that ends well. Thank you bunq!

4 thoughts on “bunq: A bank failing to give customers access to their account because of <random reason here>”

  1. Great that you accomplished this! It really is an anti pattern to exclude app store regions with the mobility that people today have.

    From their perspective though, there’s something to be said about the security impact of releasing APKs directly to consumers. Most apps today, also bunq, rely on the update mechanism that Google Play provides and don’t implement their own in-app mechanism to make sure users stay on a recent version. So in that sense there is a negative security impact if they were to release direct APKs every now and then, without a proper plan on how to keep these users updated. But you’re also correct – people will still download from other sites which might be even worse – but at least it’s not something they are accountable for or something they recommended.

  2. I know this was a while back now, but for future reference if anyone ends up landing here you could always use a VPN app to set your location to be identified as Germany.

    1. A VPN is not enough, you also need a German (second) google account with a working local payment method. Nevertheless, even local small banks like Spardabank have their app available worldwide…

Leave a Reply

Your email address will not be published. Required fields are marked *