Android security


(Stephen Brinda) #1

Hi team, just asking how safe is Monzo? I mean i have downloaded extra malware apps for protection from various sites i use. Is there any danger my details could be compromised? Maybe I’m just peace of mind… Or being ocd about being safe online.


(Sufi) #2

Can I ask what made you feel that there might be anything unsafe?

AFAIK, Monzo is as safe as any other fit and proper App. On newer Android phones Google Play scans every App for any malware. Monzo App login is via your email so try to have 2FA for the email account.
In an unlikely worst-case scenario if someone got into your email and managed to log in to your Monzo account they will only have read-only access. All core payment features are protected by your card PIN.


#3

But viewing personal (financial) data isn’t, maybe that is their concern? But this will be addressed on Android eventually as they have plans to include an option of PIN protection on start up of the app at some point later this year, if I understand correctly.


(Andre Borie) #4

i have downloaded extra malware apps

Well if you download malware on your phone all bets are off - however this is not specific to Monzo at all and any other bank’s app is equally vulnerable if your device is compromised.

But viewing personal (financial) data isn’t, maybe that is their concern?

If the phone has malware a PIN won’t save you in any way - the malware would just take the auth token from memory if the PIN is enforced client-side (and use the auth token to do a request by itself), or wait for the user to login with their credentials and then capture the credentials & banking data from memory once the user has logged in.

What I would recommend is resetting the phone if you have concerns (this would wipe 90% of malware, though not guaranteed), make sure it’s up to date (if it’s not and no more updates are being developed, buy a new phone, and I’d suggest iOS as you get updates for longer) and never install apps from unknown sources. Even Google Play isn’t bulletproof but at least it’s mostly safe.


#5

I guess they meant anti-malware apps? Why would you download malware ones!


(Andre Borie) #6

Could be, or it could be fake anti-malware. Malware masquerading as anti-malware is sadly a real thing, and it’s a pretty good reason for a non-technical user to install one (the malicious ads about how your device might be infected and that you need to CLICK HERE and enable “unknown sources” in settings or call a number with shady tech support scammers on the other end can be quite convincing).


(Sufi) #7

I don’t think this is entirely true - And you already know this @MIROW

Most people will have their phones protected by PIN or with bioinformatic identification and I know it’s not perfect for everyone but Monzo Android app does have option to enable fingerprint for privacy.


(Andre Borie) #8

On the other hand, if you’ve got malware running under your user account, neither a phone PIN/fingerprint nor app PIN will save you.


(Sufi) #9

Let it go @Rjevski I am sure that is a typo :smile:


(Andre Borie) #10

Even if it was a typo and he meant anti-malware, this means he’s concerned about what happens if he were to actually get malware on his phone. Plus, I’m always happy to disprove legacy banking myths that an in-app PIN would somehow protect you from malware running as your user account (or worse, as root).


#11

Not all devices have that.


(Sufi) #12

You missed the first part in your quote :face_with_raised_eyebrow: :stuck_out_tongue_winking_eye:


(Stephen Brinda) #13

Thanks everyone for taking time to answer. Yes meant Anti-malware😂. Any account is only safe as you. If your reckless online, then that’s your fault… I don’t download from unknown places… But i have downloaded malware bytes apps… Seems ok


(Sufi) #14

What do you mean by this Steve?


(Stephen Brinda) #15

I have downloaded this app to protect me against malware. This checks the whole system (even msgs).
Sounds pretty good


#16

I use malware bytes along with a few others on the desktop :+1:


#17

“Malware Bytes” is an app name


#18

Resisting the urge to start an Apple/Android war…


#19

There is no War. Android have won the battle across the globe and fallen Apple lies at their feet!


#20

The very fact you are having to install apps to stop Malware and talk about security shows you have already lost :wink:

You just haven’t caught up to realise it yet :joy: