App, Security and Privacy (Fingerprint, Pin, or Password)

In this case, would you like them to accidentally click on some malicious ad and install this new free “game”? And then someone else will be able to have access to your account balances.

I’ve educated them to not click random links/install random games. Security I’m not concerned about, it’s privacy that’s key to me.

1 Like

In this specific case an app locking solution would work (some people here mentioned third-party solutions). Also I thought Android had multi-user support by now, maybe you can use that?

1 Like

I could do but when all my other banking apps are pin/password locked it seems a little excessive to be coming up with a solution specifically to get around a shortcoming in Monzo’s app.

In any case, I’m hoping this will be resolved in the updates that come as part of the current account rollout. There’s no point in them making changes now for the pre-paid card.

2 Likes

The Data Protection Act says that: APPROPRIATE TECHNICAL and organisational MEASURES SHALL BE TAKEN against unauthorised or unlawful processing of personal data and AGAINST ACCIDENTAL LOSS or destruction OF, or damage to, PERSONAL DATA. This is the seventh data protection principle.

A pin or password on the Android app would be an appropriate technical measure against accidental loss of personal data.

3 Likes

Well the iOS Monzo app has Touch ID so I’m pretty sure once they launch the current account they’ll have the same features on the Android app.

On the other hand personally I am grateful Monzo did away with all this “security theatre” BS where simply looking at your balance is behind 10 layers of “security” (though all of them will be defeated by malware, making the “security” moot). I remember having to reverse engineer the Nationwide app’s API just so I could make my own lock screen widget to display my balance without typing a PIN, and that was a painful experience I never want to deal with again (they’ve since lost me as a customer in favour of Monzo).

3 Likes

I believe the default should be secure and private with the option to turn it off if you want to.

2 Likes

Should it really be the default? Personally I think your use-case is pretty unique, and most people keep their phones private already (through a lock screen passcode or fingerprint) so I don’t think it makes sense to have it as default. Plus we’d be sinking all the way down to the bottom where the other banking apps we like to mock are.

3 Likes

I think for any app security and privacy should come first. Breaking out of that should be optional.

2 Likes

Facebook, Instagram, SMS apps, mail clients, browsers, etc… will have to disagree.

Don’t you think again that it’s generally accepted that the main security is provided by your phone’s passcode? I know why you want it to be like that but unfortunately your use-case is unique (and again, there are proper solutions out there like multi-user support) and not representative of the entire user base.

3 Likes

Sorry, I should have said security/privacy in context. Somebody getting hold of my phone unlocked and using the calculator is not something I’m too worried about.

Similarly, somebody having access to my phone and using Facebook is one thing but somebody having access to my phone and being able to view all of my financials is another.

Having children that use your phone I don’t think is particularly unique.

As I said earlier, this is probably a non-issue once the current accounts come out.

1 Like

I haven’t mentioned this before because I’ve said it so many times already in this thread but yes, it’s a non-issue, fingerprint protection for the Android app is on the roadmap.

And in the meantime, using guest accounts is the recommended solution, but you could also use a 3rd party app, regardless of whether it makes a user ‘feel’ like they’re fixing a gap in the app. Obviously Monzo are aware of these alternatives & the fact the users have the ability to manage this use case already.

Both you & Andre have been right, about the need for a solution for privacy & the fact that the phone’s passcode is what provides the security for your Monzo data, throughout this discussion.

1 Like

Edit: judging by some responses I want to clarify this is not about “you should show how rich you are to everyone”, but more like “if they’ve got access to your phone, your bank balance is the last thing they’d want”. This doesn’t mean anyone should have access to your phone in the first place, so use your OS’s locking features and use a strong PIN or fingerprint.


Original reply: Slightly off topic, but is it a general thing to be that worried that someone would be able to see how much you’ve got in your account? In my case I’d be way more worried about someone looking at my texts/pictures with my girlfriend rather than them looking at my balance - something they can already infer based on the kind of phone I’ve got in hand and the kind of car I drive.

3 Likes

With kids, it’s not explaining why they can’t have a new telly for their room when there’s so much money in the bank account :grinning:

no it is not a non-issue
a) not all phones have a fingerprint reader
b) people with certain medical conditions can not use that technology

this is not possible on all Android versions

2 Likes

Fingerprint has a PIN fallback on iOS, I’m sure it’s going to be the same on Android (though I think on Android the PIN would have to be implemented by Monzo, while on iOS the fallback mechanism is built into the OS).

As I’ve said, you’re welcome to come up with a secure robust recovery system if you want a PIN - I’m all ears but you haven’t yet :disappointed:

Click the :arrow_down_small: to view the full post, including screenshots of comments from the Monzo team.

I appreciate all of the posts you’ve made this evening, they’ve been spot on. But for your sake, please read the earlier posts in the thread, this has been covered.

it is not just the balance.

On my Android app Monzo are failing to provide protection of the following personal data:
▪ balance
▪ transaction history
▪ history of where you were at the time transactions made
▪ home address
▪ email

Their recommendation to use a third party app or OS functionality, while a solution for some, does not negate the fact they are not taking adequate steps to protect the personal data of their users.

5 Likes

To answer your question, yes - for some people. Not everyone advertises their wealth with material goods (people who are thrifty or maybe aiming for FIRE), and not everyone has the wealth they advertise as having (car/phone/expensive watch on finance or credit cards).

1 Like