If the sideloaded app manages to hack HSBC and steal the customer's money, they are going to have a demand to refund the customer a bunch of money. I can understand their position.
I understand that, but the thing I've never understood is that banking apps only care about meaningless measurements like whether a device passes Play Integrity. I have a tablet that passes Play Integrity but is also over 6 years behind on security updates. That device should not be allowed to run banking apps.
Why not refuse to run on devices that don't have current security updates? How useful is Play Integrity actually for avoiding these types of problems?
Most banks now require their app for MFA for payments, sadly. They used to offer these "calculator" devices but most banks I know of in my country now require their app. Which sucks for me because I don't want to have my authenticator on a hackable internet-connected device.