banking-apps-compat-report icon indicating copy to clipboard operation
banking-apps-compat-report copied to clipboard

Published 20 hours ago verified publisher icon PrivSec-dev

Tide – Mobile Business Banking

Open glidingthrough opened this issue 2 years ago • 11 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

App name

Tide - Business Bank Account

Link to app

https://play.google.com/store/apps/details?id=com.tideplatform.banking

App version

v3.0.12

Country of the app

United Kingdom

Build Number

TQ1A.221205.011.2022122700

Device list

Pixel 6a

Profile app tested in

Owner profile

Google Play installed

Installed

Google Play services Network permission revoked?

  • [ ] Revoked
  • [X] Not revoked
  • [ ] I did not have Google Play services installed

SafetyNet Enforcement

  • [X] Enforced
  • [ ] Not enforced
  • [ ] Unsure

Native code debugging

  • [X] Enabled
  • [ ] Disabled

Exploit protection compatibility mode

  • [X] Enabled
  • [ ] Disabled

Stock OS compatibility

  • [X] Works
  • [ ] Does not work
  • [ ] Not tested

Description of the app's functionality

Loads initially as you would expect, then about 5 seconds in it pops up with a message saying 'Security Lock, for security reasons the Tide app is unable to run on this device, error code: 4', with a contact button at the bottom available to contact their customer support. No other actions are possible.

Are there any extra notes you think users should know about?

I managed to get the webapp working, which has some basic funcationality: seeing balance and transactions, raising invoices, marking them as paid. At the time of writing, I have not tried sending money through the webapp.

Note that I was unable to get the webapp working on Brave, Chromium or Vanadium (they all failed when setting up biometrics for the new login). Firefox was the only one to work for me.

I installed Firefox (using FFUpdater from F-droid), went to web.tide.co, clicked on the Firefox menu and selected install. This installed the webapp. I then opened this to continue to process of adding a new device login.

ADB logcat of the app if necessary

No response

glidingthrough avatar Jan 03 '23 09:01 glidingthrough

Thanks @glidingthrough

akc3n avatar Jan 22 '23 04:01 akc3n

Update: I managed to get the Tide app to work by downloading it through the Play Store, as opposed to the Aurora Store which I had used previously. It requires the Sensors permission to authenticate your account (for the biometric face check). Very happy!!

glidingthrough avatar Feb 10 '23 14:02 glidingthrough

I can confirm that Tide - Business Bank Account no longer works on GrapheneOS (Build 2024050700), with or without Exploit Protection Compatibility Mode enabled.

I updated the app to the latest version, v3.67.0, from the Google Play Store and now get the following error before the app quits: REF: 7144:8DE8 2000000 Root bypass detected. Closing app for security.

Tide have been contacted with a link to the Attestation Compatibility Guide in the hope that they will fix it, as I cannot access my bank account without the app.

glidingthrough avatar May 15 '24 16:05 glidingthrough

The good news is that the progressive web app works still, with Bitwarden managing passkeys, so all is not lost 👍

glidingthrough avatar May 15 '24 16:05 glidingthrough

@glidingthrough Having the exact same issue with Tide. Can't even log into the PWA because it requires QR authentication via the app (which is inaccessible).

Tried everything, installed through the Play store instead of Aurora. Both enabled/disabled Exploit protection compatibility. Enabled all permissions.

But nothing works, unfortunately.

How are you accessing your account? PWAs log you out every 30 days or so, and you need to re-authenticate your session, which I assume you can't because you can't log into the app.

valiantgenomics avatar Jun 19 '24 13:06 valiantgenomics

@valiantgenomics I installed the PWA with Vanadium and managed to login using biometrics, even though I don't have a fingerprint set up it still works because it defaults to the device PIN.

The PWA lets you send invoices, see transactions and send invoices. It does, however, require approval from the app to transfer funds. So I've been bothering their Support staff through the PWA chat function (authenticating for these chats required me to use a Windows computer with Chrome) about the lack of support for GrapheneOS and I've been getting them to do transfers for me, too.

They say they are still investigating the GrapheneOS error, however I've given up on Tide and am now moving my money to Starling thanks to the excellent community support that kept the app working on Graphene - see #39.

A heads up that I was offered £75 compensation by lodging a formal complaint through the chat about GrapheneOS no longer being supported.

glidingthrough avatar Jun 19 '24 20:06 glidingthrough

I will add the the thing I miss from Tide is the free ability to raise invoices, which costs £7/month in Starling. I've therefore switched to Zoho Invoice which is free and means my invoicing ability is no longer tied to the bank I happen to use, which I suspect may be useful going forward. Zoho Invoice has zero known trackers and their privacy policy is good.

glidingthrough avatar Jun 19 '24 20:06 glidingthrough

@glidingthrough Thanks for the reply! I've already been using Starling for 5+ years, and it's an overall much better bank than Tide. Never had issues with Starling on GOS, and hopefully never will.

The reason why I wanted to get Tide to work, is because they offer the best business savings bank account in the country, with 4.33% (as of time of writing this).

I contacted Tide support today using their generic email support address, and wrote a comprehensive email with everything important from this thread and from Starling's thread.

Hopefully they respond and fix it soon.

Re the invoicing issue. I've never used Starling to create invoices, but FreeAgent. I prefer it to Zoho, but Zoho isn't bad either.

valiantgenomics avatar Jun 20 '24 08:06 valiantgenomics

@glidingthrough Hey, just updated the Tide app now, and it seems to be working fine. I haven't yet created an account but can do so, and the app isn't force closing after falsely thinking GOS is bypassing Root.

Could you please check to confirm, it's working on your end as well?

valiantgenomics avatar Jul 01 '24 16:07 valiantgenomics

@valiantgenomics yes, it appears to be working. Thanks for the heads up 🙏

glidingthrough avatar Jul 04 '24 12:07 glidingthrough

@glidingthrough @valiantgenomics Does Tide continue to work for you?

spring-onion avatar Apr 20 '25 12:04 spring-onion

Sadly the latest version 3.116.0 (797) is also broken. The workaround of performing a "downgrade" to 3.113.0 (794) via manual install in Aurora Store still works (for now). I have sent a report to the developers, although I'm quite pessimistic.

lucaviolanti avatar Apr 30 '25 17:04 lucaviolanti

@lucaviolanti Does it use play integrity and if so, did you try blocking further use? Did you try toggling secure app spawning and see if that makes a difference?

spring-onion avatar Apr 30 '25 17:04 spring-onion

I bypassed all exploit protections, and installed google play services/store. No change. I had a cursory look at the logs, which mentioned errors when reading ro_debuggable and othe ro_* props, not sure exactly.

lucaviolanti avatar Apr 30 '25 18:04 lucaviolanti

@lucaviolanti Okay marking incompatible. Please let me know if play integrity is tripped.

spring-onion avatar May 03 '25 16:05 spring-onion

Decided to give it another try. Installed latest version available on Aurora: v.3.117.0 (798).

Here are the logs (will expire in 7 days):

  • without Play Store/Services, exploit protection compatibility mode enabled https://privatebin.io/?73a37c5568f6bfaa#6davZ9T5M1Go9LCu8WxgkkdHShBv4ZtE8AtY21AfXf5K

  • with Play Store/Services, exploit protection compatibility mode enabled https://privatebin.io/?2515e2fcac117067#AXL1zJ92ziZpedJq71cqSUnNnx8c1JevvZHcKt3Ez6Xf

@spring-onion let me know if there's anything else I can do

lucaviolanti avatar May 13 '25 20:05 lucaviolanti

The Tide support representative asked me to upgrade to v3.120.0 but it still did not work. See attached log file. No Google services installed, exploit protection compatibility mode enabled.

Tide log a45407910d7d.txt

lucaviolanti avatar Jun 01 '25 13:06 lucaviolanti

New release v3.122.0 out, I've been asked to try again by tech support. Still doesn't work.

Same as before, no Google services installed, exploit protection compatibility mode enabled.

Tide log 76c18071018b.txt

lucaviolanti avatar Jun 10 '25 10:06 lucaviolanti

@lucaviolanti - I get directed to a "Rooted Device Detected" webpage, and that's with Google service on my Work profile.

I moved my account away from Tide last year and got some compensation when I made a complaint... Which might be worth pursuing?

glidingthrough avatar Jun 10 '25 12:06 glidingthrough

I get directed to a "Rooted Device Detected" webpage Same, both with and without gapps

@glidingthrough I am still in the loop with their support team (they periodically ask me to try new versions), but if they either drop my case or stop supporting the latest version which works, I'll try that as I look for another provider. Thank you

lucaviolanti avatar Jun 11 '25 08:06 lucaviolanti

I've tested the latest version of the app (v3.130.0) and I've managed to log in successfully. The performance of the app on my Pixel 8a doesn't seem brilliant, but I'm glad it's working.

ryanep avatar Aug 03 '25 12:08 ryanep

@lucaviolanti

spring-onion avatar Aug 05 '25 11:08 spring-onion

I can confirm everything works for me too. No gapps nor exploit protections required!

lucaviolanti avatar Aug 18 '25 13:08 lucaviolanti

Fantastic, this one was a thorn in my side!

spring-onion avatar Aug 18 '25 20:08 spring-onion