Reference coverage of the Exchange Bank mobile banking app: feature set across iOS and Android, biometric sign-in, device enrollment, the permissions the app requests, and how it behaves when the phone loses a signal.
The Exchange Bank mobile banking app is a near-parity companion to the browser dashboard. It covers balance checks, transfers between the customer's own accounts and to external payees, bill pay, alerts, secure messaging, and mobile check deposit. Card controls sit in the app as well, which means a customer can freeze a debit card, set a travel note, or change a daily spending threshold in seconds without phoning the branch.
A small set of features live only in the app rather than in the browser. Biometric sign-in is the obvious one because it depends on a device sensor. Mobile check deposit is another — the endorse-and-photograph flow works best when the camera is already in hand. Push notifications for card activity also require the app, because a browser does not receive push messages once the tab is closed.
When a customer enables Face ID on iOS or biometric unlock on Android, the app stores an encrypted token tied to the device's secure enclave. The next time the customer launches the app, the operating system confirms the biometric and returns a yes or no. The fingerprint itself never travels to Exchange Bank, which is why losing or replacing the phone forces a fresh passcode sign-in and a new biometric enrollment.
The first sign-in on a new phone is the slowest one by design. The app requires username, passcode, and a one-time code from the registered channel. Once that device is marked trusted, subsequent sign-ins are a single biometric tap. That asymmetry is the price of keeping a stolen phone from becoming a frictionless banking terminal.
Three permissions cover almost every useful feature. Camera powers mobile check deposit. Notifications power account alerts and card-activity messages. Location is optional and powers a lightweight fraud signal — for example, a late-night sign-in three time zones away from the customer's normal pattern lands in a higher-scrutiny bucket when location permission is granted. None of the three are required for basic balance-and-transfer use.
| Feature | iOS | Android | Notes |
|---|---|---|---|
| Biometric sign-in | Face ID or Touch ID | Fingerprint or face unlock | Per-device availability |
| Mobile check deposit | Yes | Yes | Requires camera permission |
| Push notifications | Yes | Yes | Toggle in alerts area |
| Widget support | Balance widget | Balance widget | Home screen glance view |
| Tablet layout | iPad optimized | Large-screen adaptive | Side-by-side tiles |
| Card controls | Yes | Yes | Freeze, travel, threshold |
| Digital wallet add | Apple Pay | Google Pay | Launched from card detail |
| Offline mode | Read cache | Read cache | No transactions offline |
For help reasoning about mobile app security posture in general, the CFPB fraud and scam guidance covers the interplay between device security and account protection. Readers who want the federal view on deposit coverage can check the FDIC consumer resource library.
Sign-in entry points start at the exchange bank login reference, with the login help-guide covering the keyboard and password path. Digital siblings include online banking, bill pay, wire transfers, account alerts, and mobile check deposit. Account references sit on personal checking, personal savings, money market accounts, and personal credit cards. Business readers move to business checking, business savings, merchant services, treasury management, and SBA loans. Security context lives on security center and contact us, and the overview pages are about Exchange Bank, leadership, and help resources.
"Face ID, balance check, card freeze — three taps and I am done. The mobile banking app has the right features without trying to be a magazine."
Amara Nwankwo Pediatrician · Nwankwo Pediatrics, Sebastopol, CA
"The offline indicator saved me once at a jobsite in the hills. I could see the cached balance and knew the app was not confirming anything live."
Nathaniel Pemberton Welder · Pemberton Metal Works, Graton, CA
The app runs on iPhone and iPad devices on current iOS versions and on Android phones and tablets on currently supported OS releases. Older operating systems fall out of support when the underlying cryptography or app-store minimums change.
After a passcode sign-in on a trusted device, the app offers to enable Face ID, Touch ID, or Android biometrics. The biometric becomes a local shortcut for the saved credential. The raw biometric never leaves the phone — the app receives a true or false from the operating system.
The app asks for camera permission to support mobile check deposit, notification permission for account alerts, and optionally location permission to help the fraud engine separate a genuine sign-in from a suspicious one. Each permission can be declined or revoked later in device settings.
Offline the app can display the last cached balance and recent transaction list, but any new activity, transfer, or deposit requires a network connection to hit the bank's servers. The app shows a clear offline indicator so a customer never mistakes a cached screen for a live one.
Sign in to online banking on a desktop, open the profile menu, and remove the lost device from the trusted device list. The same profile menu lets the customer end all active sessions, which is the recommended pair of actions after any missing-device event.