The problem (for the bank) is they are now liable in the UK[1] if you are defrauded because someone installs malware on the phone. There's basically zero upside for the bank to allow customers to use F-Droid, since probably 0.0001% of their customers would do this, compared to a vastly greater number of customers being tricked into installing random malware on their phones.
Accessibility settings are a tricky one since that's a separate law. I wonder if they whitelist screen reader apps from the official app store. Anyway that's not the case in the original article.
risk management is all about what the bank is willing to trust.
in this case it decided it was risky because have any information on the provenance of your overlay, but you could source an overlay from somewhere they trust, like the default app store.
A bank refusing you access because of your accessibility settings (app overlay is one) is not reasonable.
The problem (for the bank) is they are now liable in the UK[1] if you are defrauded because someone installs malware on the phone. There's basically zero upside for the bank to allow customers to use F-Droid, since probably 0.0001% of their customers would do this, compared to a vastly greater number of customers being tricked into installing random malware on their phones.
Accessibility settings are a tricky one since that's a separate law. I wonder if they whitelist screen reader apps from the official app store. Anyway that's not the case in the original article.
[1] https://www.bbc.co.uk/news/articles/cy94vz4zd7zo
risk management is all about what the bank is willing to trust. in this case it decided it was risky because have any information on the provenance of your overlay, but you could source an overlay from somewhere they trust, like the default app store.