Titikey
HomeTitikeyBank App Not Working with AdGuard? A Practical Guide to Fixing HTTPS Certificate Filtering Conflicts

Bank App Not Working with AdGuard? A Practical Guide to Fixing HTTPS Certificate Filtering Conflicts

7/7/2026

If your banking app suddenly crashes, gets stuck on an endless loading screen, or shows a "network error" after you turn on AdGuard, there’s a 90% chance it’s due to a conflict between HTTPS certificate filtering and the bank’s security measures. You don’t need to uninstall AdGuard or give up your online protection — you can sort this out in just a few minutes.

Why Does AdGuard Make Banking Apps Malfunction?

Simply put, AdGuard’s ad blocking goes beyond just hiding banner ads on web pages. To filter ads and trackers inside encrypted traffic, it acts as a "middleman" on your phone — decrypting HTTPS traffic, inspecting it, then forwarding it to the app. To do this, AdGuard asks you to install a local CA certificate so your phone trusts this middleman.

Here’s where the problem lies. Banking apps have much stricter security requirements than regular apps. Many of them use Certificate Pinning technology, meaning the app only trusts specific certificates issued by the bank’s own servers and rejects any certificate issued by a middleman — even if your system already trusts AdGuard’s root certificate.

When a banking app detects an untrusted link in the certificate chain, it kills the connection immediately. On your screen, that shows up as a crash, blank page, sudden exit, or error messages like "Cannot connect to server" or "Proxy detected." This isn’t a bug in AdGuard — it’s a direct collision between two security strategies.

The Easiest Fix: Remove the Banking App from AdGuard’s Filter List

Since banking apps don’t trust AdGuard’s certificate, simply stop AdGuard from handling their traffic. In AdGuard, this is called adding the app to the "whitelist" or disabling filtering for that specific app — it won’t affect protection for the rest of your phone.

Steps (using the latest Android interface as an example; the iOS logic is similar):

  1. Open the AdGuard app, find the shield icon in the bottom navigation bar, and go to the "Protection" page.
  2. Tap "App management" — you’ll see a list of installed apps on your device.
  3. In the search bar, type the name of your banking app, e.g., "ICBC," "China Merchants Bank," or "China Construction Bank."
  4. Tap on the app, then toggle off the option labeled "Route all traffic through AdGuard" or "Enable HTTPS filtering."
  5. Return to the main screen — it takes effect immediately without restarting your phone.

After this, all traffic from that banking app will bypass AdGuard’s HTTPS filtering module entirely. It essentially returns to the system’s default encrypted connection, so no certificate warnings will be triggered. DNS-level filtering and Safari browsing protection still work fine. Banking apps themselves don’t show ads — their interfaces are natively rendered — so disabling filtering for them costs you almost nothing.

Alternative: Batch-Disable HTTPS Filtering for Apps That Don’t Get Along with Certificates

If you don’t want to tweak apps one by one, or you’re not sure which apps might cause trouble, you can manage an "exception list" directly in the HTTPS filtering settings.

Go to AdGuard → Settings → HTTPS Filtering. You’ll see two key entries:

  • HTTPS Filtering Switch: This is the global toggle. Don’t turn it off — that would disable inspection of all encrypted traffic, defeating the purpose.
  • App Whitelist / Exception List: Tap here to manually select apps you don’t want filtered. Check off all banking, securities, and payment apps.

A handy tip: add all financial apps to the whitelist in one go. Then, whenever you install a new banking or investment app, make it a habit to check this list immediately. Banking apps update frequently, and a version update might suddenly add stricter certificate validation. Putting them in the whitelist ahead of time saves you from discovering the app is broken when you’re in a hurry to transfer money.

Another Common Scenario: System-Level vs. User-Installed Certificate Conflicts

Since Android 7.0, the system has placed strict limits on CA certificates installed by users. By default, only system-preloaded certificates are trusted by apps. User-installed certificates (including the one AdGuard asks you to install) are only honored by apps that explicitly mark themselves as "trusting user certificates." The vast majority of banking apps enforce system-certificates-only, so even if you install the certificate, the banking app simply doesn’t recognize it.

AdGuard’s HTTPS filtering relies on that user certificate, and banking apps refuse to trust user certificates — that’s the deadlock.

On iOS, the situation is slightly better because AdGuard handles traffic through a local VPN or proxy, so certificate trust settings are more unified. However, if you’ve installed the iOS version of AdGuard and enabled "Advanced Protection," you still need to install a profile to trust AdGuard’s certificate — and banking apps may still reject it. The fix is the same as on Android: either disable HTTPS filtering for that app, or remove it from the filter scope in settings.

Easily Overlooked Details When Troubleshooting

If your banking app still misbehaves after following the whitelist steps above, don’t panic — the issue might be lurking in these corners:

  • AdGuard bypass/proxy residue: On deeply customized Android systems (MIUI, ColorOS, HarmonyOS, etc.), even if AdGuard shows it has released the app, the system might still cache old proxy settings. Try turning off AdGuard’s protection master switch, wait 5 seconds, then turn it back on, or toggle airplane mode to refresh the network state.
  • VPN mode restrictions: AdGuard typically runs in local VPN mode on Android. Some banking apps detect whether a VPN is active and refuse service if they find one. In this case, merely disabling HTTPS filtering isn’t enough — you also need to set the app to "do not route through VPN." In the same "App management" screen, toggle off the route traffic switch as well.
  • System time offset: Certificate validation heavily relies on accurate system time. If your phone’s time is set manually and off by a significant amount, even a perfectly valid certificate can cause SSL handshake failures. Enable automatic time sync to align with your carrier or network time.

My Real-World Experience: Which Banking Apps Are Most Sensitive

As a heavy electronics user, I keep AdGuard running on my phone all the time, along with several banking apps. From real-world use, the major state-owned banks are extremely sensitive to any change in the certificate chain — ICBC, China Construction Bank, and Agricultural Bank of China will shut down immediately if anything is off, sometimes crashing without any message. China Merchants Bank and Shanghai Pudong Development Bank are more forgiving — they might just pop up a "network not secure" warning that you can dismiss and continue. Bank of China’s "BOC Cross-Border GO" and some regional banking apps follow similar security policies, so I recommend treating them all the same and putting them in the whitelist.

Securities apps behave similarly. For example, Huatai Securities’ Zhangle Caifutong and Hithink RoyalFlush (Tonghuashun) — if they have issues, the symptoms are usually market data failing to load or a "network error" on the trading page. The fix is exactly the same: turn off AdGuard filtering for those apps.

I remember one time, after a banking app update, it froze on the splash screen. I spent over ten minutes troubleshooting and finally discovered it had quietly tightened its certificate validation — and it wasn’t in the AdGuard exception list. I added it to the whitelist, restarted the app, and everything ran smoothly. That little incident taught me not to wait until an app update panics me. Adding all financial apps to the whitelist ahead of time saves a lot of hassle.

When the Whitelist Isn’t Enough: Reinstall the AdGuard Certificate

In rare cases, the certificate itself may become corrupted or expired, causing global HTTPS filtering issues even if the whitelist is set correctly — and the banking app is just one victim. In that case, you can try resetting the certificate:

  1. Go to AdGuard Settings → HTTPS Filtering.
  2. Turn off the HTTPS filtering master switch.
  3. Go to your phone’s system settings → Security → Encryption & Credentials → Trusted Credentials (the exact path varies by device). Find the AdGuard certificate under "User" and manually delete it.
  4. Return to AdGuard, re-enable HTTPS filtering, and follow the prompts to reinstall the certificate.
  5. Reboot your phone.

This essentially re-registers the middleman identity and can resolve weird issues caused by system updates or certificate migration. Note that after reinstalling the certificate, encrypted connections in browsers will need to be re-established, and some apps may experience sluggish connectivity for a short time — this is normal.

Actions That Might Make You Regret It

I’ve seen online suggestions to simply turn off the entire HTTPS filtering feature on your phone just to let banking apps bypass AdGuard. That would mean giving up privacy protection for all apps — just so a banking app you use occasionally works. Absolutely not worth it. Others suggest "root your device and move the AdGuard certificate to the system trust store." Aside from the technical difficulty and bricking risk, most banking apps refuse to run on rooted devices anyway — it’s a dead-end.

The most sensible strategy is simple: keep global HTTPS filtering on to enjoy AdGuard’s clean browsing experience, and only take the few certificate-sensitive financial apps out of the filter scope. This balance sacrifices neither security nor daily payment convenience.

If you don’t have AdGuard yet, or you’re using the free version with limited features and often have to deal with these hassles, there’s a good deal available. Titikey offers genuine AdGuard permanent discount subscriptions starting at just $24.99 — much friendlier than the official price (often over $30). One account can cover multiple devices, saving you the cost of several coffees over time. Pair it with AdGuard VPN or the AdGuard Family plan to clean up your whole household’s browsing environment without getting stressed by a banking app’s tantrums.

I hope this guide helps you turn AdGuard and banking apps from adversaries into peaceful neighbors. When new issues pop up, start by checking the certificate and filter settings — nine times out of ten, that’ll do the trick.

HomeShopOrders