Brad_wp
Contributor

This is absolutely unacceptable.  It is not any of your business, and none of your concern whether I choose to take more control over my android device.  The argument about rooted devices being unsecure is bogus.  I have more control over the security of my phone and what is running on it BECAUSE it is rooted.  

 

RELEASE A NEW VERSION THAT DOES NOT DISABLE ITSELF WITH A ROOT CHECK.  I'VE BEEN LEANING AWAY FROM USAA BEING MY PRIMARY BANK FOR A WHILE, AND THIS MAY BE THE NAIL IN THE COFFIN.  IT'S NOT UP TO MY BANK TO TELL ME HOW TO USE MY ELECTRONIC DEVICES.

6 REPLIES

There are thousands of us in the same boat. I have finally had it, and after close to 20 years as a USAA member, I have opened a Navy Federal account and have decided to transfer my funds over to them. I am going to start the slow process of changing all my banking over to Navy Federal.

 

USAA has a TON more features than Navy Federal, but the one things Navy Federal lets me do that USAA does not is banking on my mobile phone. I do 99% of all my banking from my phone, but since they blocked me from using their app, all of their features are useless to me, which makes Navy Federal the better option for me.

 

Even the big wigs, like Chase, Bank Of America, etc don't block rooted phones from using their apps, so why does USAA do so? I'll tell you why. Because they are ignorant and have no idea what a rooted phone is. They think everyone that has a rooted phone is a hacker of some sort, even though there is NO way a rooted phone can cause any security risk to USAA's computer systems. They literally have no idea what it means, so they are blocking something they know nothing about out of utter ignorance.

We understand that not being able to access the USAA Mobile App can be frustrating. We’re committed to providing you the best experience while ensuring your financial information is secure. While the decision to root a device is entirely up to the end user, USAA can’t put our app on a device that puts the larger membership at risk. We are focused on system-wide security to protect all members and the association. Cybercrime is an unfortunate reality in today’s environment, and it is a shared responsibility to fight this battle together. Should our members decide to continue using a rooted device for their personal needs, we recommend using usaa.com to manage their accounts. I appreciate you providing this feedback, as we are always looking for areas of improvement for our member experience. ~ Samantha

As a result of your root check, I am now unable to use your services. I am responsible for my disabled mother's finances, and am now unable to transfer her money quickly. Now I have to call in, during banking hours, have her info on hand, or get her account directly linked to mine. Linking her account to mine actually violates the terms of my being in charge of her finances because there is not supposed to be a direct link between the account her disability funds are transferred to, and her personal account. You do not provide convenient options online that allow me to obey the law in this case. So I'm be left with having to call you every single time she needs her funds, during banking hours, and not on the weekends? And She'll get it in a few days as long as it isn't a Holiday or weekend? Your online method would result in her being unable to pay rent on-time, or me violating the law in regard to her disability payments. Your answer? Restore my device to factory settings (or buy another one). This reduces MY security as a whole as well as degrading the performance of my device. THIS is the only option you give that even comes close: Wire Transfer Fees: Domestic Outgoing: $20 International Outgoing: $20 International Service Fee: $25 Incoming: $0 Please note the hours at 7:30 a.m. to 4 p.m. Monday though Friday. This is unacceptable, and I am very disappointed with the once quality services USAA used to offer. After a good couple decades, I am now looking into other options outside of USAA.

@--------- I am sorry to hear that this is causing you frustration. I have forwarded your post for review so that your concerns can be addressed. Once review is completed you will be contacted. Thank you. ~ Suzy

This nonsense has been the biggest foul-up I can ever recall from USAA.  I come from a military family.  My parents are veterans, children of veterans, etc.  Imagine my un-ending frustraiton when suddenly and without warning they started getting messages that they could not perform their online banking with their phones.  These are phones that I bought for them and which I configured and set up for them.  They are NOT rooted devices.

 

MANY others in the USAA community have posted to these forums with the same problem:  an un-rooted phone is erroneously detected as "rooted" for reasons that are not explained and the USAA app will not function.  This is awful and foolish.  It hurts users while doing nothing to actually improve security.

 

And don't you DARE respond to me with your terrible canned message.  In fact, I'm so tired of seeing it in other threads that I'm going to pick it apart here, line-by-line...

 

 

"We understand that not being able to access the USAA Mobile App can be frustrating."

No, you clearly don't understand.  Or else you'd be doing something to correct this problem.


"We’re committed to providing you the best experience while ensuring your financial information is secure."

No, you're not.  If you cared about proper security, you wouldn't use SMS messaging for two-factor-authentication.


"the decision to root a device is entirely up to the end user"

But as many in these threads have said, your app now flags NON-ROOTED devices as potentially rooted using some hair-brained detection scheme.  It is NOT your business what other apps or tools someone has on their phone for work, etc.


"USAA can’t put our app on a device that puts the larger membership at risk."

Nothing about an end-user's device should EVER have impact on the "larger membership" so this statement is just beyond ridiculous.  And you've been called out for it repeatedly by others in these threads, yet you keep spouting it.


"We are focused on system-wide security to protect all members and the association. Cybercrime is an unfortunate reality in today’s environment, and it is a shared responsibility to fight this battle together."

Blaming the users for security problems is the NUMBER ONE thing that the infosec industry has tried to get people to stop doing.  It is NOT the users' fault if there is a data breach.  And having a rooted phone should have zero impact on your "system-wide security" because you should never rely on endpoint devices (especially ones not under your control and management) as a core element of enterprise security.


"Should our members decide to continue using a rooted device for their personal needs, we recommend using usaa.com to manage their accounts"

This is the biggest middle finger of all.  Telling people that they can try to poke about with a mobile site in a phone's tiny web browser as if that is equivalent to a simple to use app is horrendous customer service.  Ever try to mobile deposit a check using the USAA web site?  Yeah, I didn't think so.


The simple fact is that someone, somewhere within USAA's IT org got a bee in their bonnet about "rooted phones" and has been hammering and hammering this policy down people's throats with complete and total disregard for whether it makes sense or even works as intended.  You have scores of users now who can't use the USAA mobile app and you have achieved nothing security-related in the process.

As an IT consultant of almost 20 years, your response to USAA is 100% correct. I have run into the same issue and now use Navy Fed for all of my business banking and the majority of my personal banking. Hopefully they pull their heads out before they lose a bunch of customers.