Ability to access balance without Monzo passcode


(Wasim Chowdhury) #1

I noticed that if someone’s phone is unlocked, you’re able to add the Monzo widget to their iPhone and see their balance. Maybe add an in-app switch to allow or disallow the widget function.


(Tony Hoyle) #2

You’re also able to reset all their passwords, pay for that Tesla you always wanted with Apple Pay, make a long phone call to your aunt in Australia…

The major thing to take from this is don’t lose your phone! It’s probably the most important security device that you carry.


#4

You can switch the widget off… On Widgets tap ‘edit’ then switch off the Monzo widget.

I switched my widget on and off with no issue on my iPhone.


(Wasim Chowdhury) #5

I meant that, if the phone is unlocked, anyone can add it back to the widgets section.


#6

Oh I see!

Well yes, but there are worse things that can be done to my phone unlocked :shushing_face:


(Allie) #7

Or at least, make sure it’s encrypted and has a lock screen.

Balance and payment history are almost the least of the scary things an unsecured phone can do…


(Gareth) #8

Maybe the Monzo app should act differently or recommend setting a code if device security is not found? And likewise, be more open by default if one is.


(Allie) #9

Yes, but so should Gmail, etc… they’re far riskier. Frankly, I think mobile OSes should go into a lock-down calls-only mode if a secure lock screen isn’t set…

I normally hate making technology so controlling over users, but sometimes you do need to protect people from themselves. Put a bypass in the developer options or something, sure. But out-of-the-box a secure lock screen should be enforced on an OS level…