I do see what you mean - I have the same with my S20 Ultra - also using fingerprint auth - seems to happen when the app is left in RAM on the phone (open in the background) and you go back in.
Workaround would be always killing the app when you’re done using it.
I just tested it with my other ‘bank apps’:
Starling doesn’t do this.
Revolut doesn’t do this.
Yes, it needs looking at, but at the end of the day, if you need to look at your bank app, you usually do it somewhere semi-private anyway.
The screen lasts for a split second, if someone was looking over your shoulder, you’d know before they see anything
The Android app ‘flashes’ the last displayed screen when next opening, regardless of if you have fingerprint auth or using new biometrics.
If you force-stop the app, then relaunch - it still shows a very quick flash prior to logging in using fingerprint - although this flash is the flashest of flashes.
Huge disclaimer because this sounds very dramatic… It’s only for a fraction of a second. Not at all long enough to read anything and begs the question of why someone would have unlocked your phone and would be trying to access your bank app anyway.
Regardless. I’ve just tested this and I am not able to replicate it - seems to no longer be an issue for me at least on the latest beta version of the app?
Depends on the circumstances, why someone would do it isn’t important, the fact it happens is.
As for circumstances, it doesn’t happen every time, you have to fully close the app, so clear it from the multitasking screen, wait a bit (idk how long, it’s less than the time this message took to write) then launch it again, sometimes you can actually do it instantly.
As for the time period it happens for, the person just has to know it’s a thing and can screen cap or screenshot or film the app opening then that image is permanently accessible for them.
The concern is that this can technically give out personal details and the issue has been around for over a year at this point.
I can now personally confirm it’s still an issue on Android using the latest app version, I’m using a Fold 2 to test right now, originally the issue was discovered on a OnePlus 7T Pro.
And if you’re still sat next to them, once you’ve unlocked the app, they can see your balance anyway if they want to, surely?
I’m not saying this behaviour isn’t a problem, but in cases like the example you’ve given, fixing the problem won’t fix the problem in the example. Whether they see it before you unlock the app, or after you unlock the app, they can still see.
If someone has your phone, they’ll get far more from your email than your bank account.
But if they can read/remember the info that flashes up for half a second, that’s quite impressive. They’ll get a much longer view when you’re still next to them when you actually unlock the app.
OK then. It’s fine. Not a problem. A banking app that flashes up my balance without being authenticated. It’s just me being picky. Sorry for being bothered by that…
It happens though, to people on a variety of phones, and regardless of how petty some of you think it is, for a banking app it’s not great.
It’s also not necessarily the balance. If your last viewed screen was a payee, it’ll show that.
You may call me melodramatic, but it’s the time scale here that’s making me feel this. It’s been a year and nothing has been done about it. What other security issues, however small, are being ignored?
If you’re an Android user, it would be helpful to know what phone you’re using, and what version of OS, and what version of the Monzo app you have. Others have said their lock screen works as expected, so it could be something unique about your phone/software combination that’s causing it to still be an issue for you.
I’ve just tried it and with 4.2.0, with ‘Unlock app with biometrics’ enabled - the ‘flash’ of the previously displayed screen in the app has reduced considerably and is now, as @Ordog informs, a fraction of a second. Even when knowing where to look on screen for the main balance, it is extremely difficult to recognise the value displayed.
I do agree that previous versions did take a little too long to switch from the ‘cached’ display to the biometric login screen though - but the latest version seems to have reduced it down to what I’d deem as an acceptable ‘flash’ before totally hiding.