Navy Federal Bank App

DeletedUser630

24fps I am having this same issue. Any resolution? Works in browser, works on other phones, doesn't work in the app, tested on pixel 8 and pixel 9 pro XL.

noreply

The newest release is not working.

dregrinfuces

Yep. You're right. It pops up with a message at the bottom saying "Your device appears to be modified. For security purposes, please us a different..." Dismissing that locks out the sign in fields.

dregrinfuces

I'd sure like to know why this site randomly pops up a message that "You do not have permission to do that" when I try to edit a 5 minute old post.

Anyway, I've yet-again updated my rating with a comment on NFCU's Play Store page and sent them a message about it on their site.

dregrinfuces

And, as expected, here's NFCU's response:

"03/06/2026

Response from Navy Federal
Thank you for your eMessage, Mr. Lessnau. We do apologize for this inconvenience. When an Android device indicates it needs modification for the Navy Federal app, it usually means the app's security protocols have detected that the device is rooted, jailbroken, or running a modified/unsupported operating system, which poses a security risk to your financial data.

What This Means & How to Fix It:
Security Risk Detected: The app refuses to run because the phone's security integrity is compromised, often due to rooting (gaining root access) or custom ROMs.
Fix - Unroot/Restore: You must remove the root access (unroot) or restore your device to the official manufacturer operating system.
Fix - Clear App Data: Sometimes, a corrupted cache can trigger this. Go to Settings > Apps > Navy Federal > Storage and clear cache and data.
Fix - Update Android: Ensure your device is running the latest official version of Android, as older versions might be flagged as insecure.
If these steps do not resolve this issue, please call our Digital Department at 1-888-842-6328. We are here to assist, 24/7. Thank you for your patience. "

And for everyone seeing the same problem, please log on to your NFCU account on your computer and send them a message telling them to use the proper methods to validate the phone's integrity:

https://grapheneos.org/articles/attestation-compatibility-guide

and

https://developer.android.com/privacy-and-security/security-key-attestation

GrapheneOS

dregrinfuces Your post got filtered due to the phone number since spammers keep posting phone numbers, we approved it now.

ice_236

dregrinfuces Would you be willing to share the message you sent them?

dregrinfuces

Sorry about that. I just grabbed NFCU's reply and dumped it here without thinking about that. I couldn't figure out why the post was grayed out. I think I'll try editing out their 888 phone number anyway since people shouldn't trust what I (a random person) say. Thanks.

dregrinfuces

Sure. Here's the whole string:

"03/06/2026

Your Message
Under GrapheneOS (which is MORE secure than Android), the app now says "Your device appears to be modified. For security purposes, please us a different..." and locks me out. DEVELOPERS: you need to use https://developer.android.com/privacy-and-security/security-key-attestation for properly determining the integrity of the phone. Check here for more: https://grapheneos.org/articles/attestation-compatibility-guide .

03/06/2026

Response from Navy Federal
Thank you for your eMessage, Mr. xxx. We do apologize for this inconvenience. When an Android device indicates it needs modification for the Navy Federal app, it usually means the app's security protocols have detected that the device is rooted, jailbroken, or running a modified/unsupported operating system, which poses a security risk to your financial data.

What This Means & How to Fix It:
Security Risk Detected: The app refuses to run because the phone's security integrity is compromised, often due to rooting (gaining root access) or custom ROMs.
Fix - Unroot/Restore: You must remove the root access (unroot) or restore your device to the official manufacturer operating system.
Fix - Clear App Data: Sometimes, a corrupted cache can trigger this. Go to Settings > Apps > Navy Federal > Storage and clear cache and data.
Fix - Update Android: Ensure your device is running the latest official version of Android, as older versions might be flagged as insecure.
If these steps do not resolve this issue, please call our Digital Department at xxx. We are here to assist, 24/7. Thank you for your patience.

03/06/2026

Your Message
The problem is not with my phone. The phone's integrity isn't compromised. The problem is that you're using incorrect methods to validate the integrity of the phone. You're using Google's methods (which want people to use Google's Android and services instead of more secure and private alternatives, i.e., GrapheneOS) to check integrity instead of the open API to do so. Others on the GrapheneOS forum are reporting the same problem. Please pass the links I provided to your developers so they can properly implement checks for phone integrity.

03/06/2026

Response from Navy Federal
Thank you for your follow-up eMessage. Although we appreciate your suggestion, our security systems can only accommodate non‑modified devices and non‑beta versions. This ensures that your accounts remain secure at all times. If we can be of further assistance, please let us know.

03/06/2026

Your Message
So, because your software people are using the wrong method to validate phone integrity, you're saying that I (and everyone else using GrapheneOS) can't use your app? We need to find another credit union? Because there are no NFCU branches anywhere around here and the only way to electronically deposit checks to you is through your app. Regardless of whether you think you can support properly checking device integrity, please forward those links to your software people."

I suppose I should have been more polite. Sorry about that.

dregrinfuces

And here's the last bit of my interchange with them:

"03/06/2026

Your Message
And I apologize for being a bit terse, above. I'm just a bit upset about losing use of your app. But, while you're talking to your software people, ask them to implement proper 2 Factor Authentication. SMS is nearly worthless. You need to at least be using TOTP and, preferably, have options to use hardware keys like Yubikey.

03/06/2026

Response from Navy Federal
Thank you for your eMessage, Mr. xxx. There’s no need to apologize! We understand how frustrating it can be to lose access to an app you rely on, especially for essential services.

We want to assure you that your feedback is valued. We appreciate your feedback regarding Digital Banking, and we will take your comments into consideration as we make enhancements to this service.

At this time, our mobile app security systems rely on specific device integrity standards, which can prevent the app from functioning on certain modified or non‑standard operating systems. While we can’t speak to future development decisions, we can assure you that your concerns and the resources you provided will be evaluated by the appropriate team.

If you need support with any transactions or have questions in the meantime, please let us know! We’re here to help in any way we can. Thank you again for taking the time to share detailed feedback with us. We'd like to thank you for your xxx years of membership! If we can be of further assistance, please let us know."

So, they've dug their heels in and have basically told me, politely, to go pound sand.

Riverside7114

dregrinfuces I'll throw in my two cents and say I experience a similar response. I called over the phone first, and the agent I was speaking with seemed to have gotten a non-zero amount of calls today about Graphene. He started reading off of what sounded like a Slack message or Teams message to himself about other people calling in. I basically got told to use the online message system, same as you, and the response I got was "We are aware of the issue" pretty much. I really am hoping they reverse this stupid decision as, like you, I use the mobile deposit quite frequently, and not having it would be a huge pain.

dregrinfuces

According to:

https://www.advratings.com/credit-unions

"Navy Federal is the largest credit union in the US and worldwide with more than 14 million members and $181 billion in total assets."

If NFCU can't/won't get checking phone integrity right, I can't see how anyone else can/will either. It's just scary.

casualmilkenjoyer

I received the same message for a couple of days, but the app seems to be working now.

dregrinfuces

Interesting. Mine works, too, now. Looking at the Google Play store, it says the app last updated on 02/25/2026. That was a week or two before I checked last time and it didn't work (03/06/2026). Checking that app version inside the now working app, it says it's dated 02/02/2026 (and that matches the Version number on the Play store (2026.2.2)). I wonder if they somehow reverted the app to an earlier version.

« Previous Page