Account viewable before authentication

When you launch to monzo app, it flashes up your balance and transactions for a split second before it authenticates you. I’m using fingerprint auth.

Launch the app and watch
Android 10
OnePlus 7T Pro
3.37.0

I have a screenshot I’m not comfortable with putting it on a forum, given details I can send it directly to monzo.

I do see what you mean - I have the same with my S20 Ultra - also using fingerprint auth - seems to happen when the app is left in RAM on the phone (open in the background) and you go back in.

Workaround would be always killing the app when you’re done using it.

I just tested it with my other ‘bank apps’

Starling doesn’t do this.
Revolut doesn’t do this.

Yes, it needs looking at, but at the end of the day. if you need to look at your bank app, you usually do it somewhere semi-private anyway.

The screen lasts for a split second, if someone was looking over your shoulder, you’d know before they see anything

Mine does it when its a fresh load too :slight_smile: as you said, not a huge issue, just needs looking at.

Same on my pixel 3 , android 10.

I believe it’s been brought up before but I can’t find the thread.

The Android app ‘flashes’ the last displayed screen when next opening, regardless of if you have fingerprint auth or using new biometrics.

If you force-stop the app, then relaunch - it still shows a very quick flash prior to logging in using fingerprint - although this flash is the flashest of flashes.

Same on mine but it isn’t refreshed with latest data

This is still an issue.

Before the app is authenticated anyone opening the app can see the last screen visited, which of it’s the balance screen means the balance.

Over a year and it’s still a bug. Astonishing and worrying. Is Monzo doing anything about it?

I’m almost tempted to get an Android phone.

My app won’t even unlock without manual intervention. Very 2010s.

Huge disclaimer because this sounds very dramatic… It’s only for a fraction of a second. Not at all long enough to read anything and begs the question of why someone would have unlocked your phone and would be trying to access your bank app anyway.

Regardless. I’ve just tested this and I am not able to replicate it - seems to no longer be an issue for me at least on the latest beta version of the app?

2 Likes

Depends on the circumstances, why someone would do it isn’t important, the fact it happens is.

As for circumstances, it doesn’t happen every time, you have to fully close the app, so clear it from the multitasking screen, wait a bit (idk how long, it’s less than the time this message took to write) then launch it again, sometimes you can actually do it instantly.

As for the time period it happens for, the person just has to know its a thing and can screen cap or screenshot or film the app opening then that image is permanently accessible for them.

The concern is that this can technically give out personal details and the issue has been around for over a year at this point.

I can now personally confirm its still an issue on Android using the latest app version, I’m using a fold 2 to test right now, originally the issue was discovered on a OnePlus 7T Pro

1 Like

Sat next to someone, my balance appears on screen before I want it to. That’s a problem. A problem that no other banking app I’ve used has.

And I’m on the beta channel so it’s obviously not yet fixed.

And if you’re still sat next to them, once you’ve unlocked the app, they can see your balance anyway if they want to, surely?

I’m not saying this behaviour isn’t a problem, but in cases like the example you’ve given, fixing the problem won’t fix the problem in the example. Whether they see it before you unlock the app, or after you unlock the app, they can still see.

2 Likes

If someone has your phone, they’ll get far more from your email than your bank account.

But if they can read/remember the info that flashes up for half a second, that’s quite impressive. They’ll get a much longer view when you’re still next to them when you actually unlock the app.

Still not able to replicate it :man_shrugging:

Perhaps you need to provide some more detail like the OP instead of just saying “not working”. Then Monzo will at least have something to go off.

No issue here, comes up with a blank blue screen asking for faceid

OK then. It’s fine. Not a problem. A banking app that flashes up my balance without being authenticated. It’s just me being picky. Sorry for being bothered by that… :man_shrugging:

It happens though, to people on a variety of phones, and regardless of how petty some of you think it is, for a banking app is not great.

It’s also not necessarily the balance. If your last viewed screen was a payee, it’ll show that.

You may call me melodramatic, but it’s the time scale here that’s making me feel this. It’s been a year and nothing has been done about it what other security issues, however small, are being ignored?

  1. It’s not a security issue

  2. Multiple people are saying it’s fixed. Maybe it’s your phone? Android handles privacy very badly.

1 Like

Your point has got lost in all the theatrics and extreme edge cases that you’ve made up which have slim to none chances of happening.

List what phone you’re using, version etc (like the OP) and I’m sure Monzo will take a look :slight_smile:

2 Likes

If you’re an Android user, it would be helpful to know what phone you’re using, and what version of OS, and what version of the Monzo app you have. Others have said their lock screen works as expected, so if could be something unique about your phone/software combination that’s causing it to still be an issue for you.

I’ve just tried it and with :android: 4.2.0, with ‘Unlock app with biometrics’ enabled - the ‘flash’ of the previously displayed screen in the :monzo: app has reduced considerably and is now, as @Ordog informs, a fraction of a second. Even when knowing where to look on screen for the main balance, it is extremely difficult to recognise the value displayed.

I do agree that previous versions did take a little too long to switch from the ‘cached’ display to the biometric login screen though - but the latest version seems to have reduced it down to what I’d deem as an acceptable ‘flash’ before totally hiding.

Pixel 5, Android 12 beta 4, Monzo 4.2.0 beta