App, Security and Privacy (Fingerprint, Pin, or Password)

I’ve raised security concerns on this forum before as well as by email with Monzo. From the community response I got I think most people are happy with things as they are. As for the email, Monzo couldn’t be bothered to respond.

3 Likes

I agree with the OP in some points. For a financial app, this one is unbelievably insecure. I do lock my phone but I also often lend it to other people when showing photos, articles, etc. So it is unacceptable that anyone can send a large amount of money to their account just by opening the app, and that to get my PIN they need only my date of birth (which is not a secret to many people). I’m afraid I have to unlink my card and uninstall the app because this is just too much. I will also not recommend this app until it improves.

At least an optional query for a custom password before transactions would improve the security greatly. If anyone doesn’t want to be bothered with a password, they don’t have to turn it on. I get that this is a beta but this seems like such an obvious thing that I cannot believe it is not there.

3 Likes

And yet this clearly hasn’t caused significant issues because Monzo haven’t added the types of protection that you’ve mentioned. Monzo are liable for unauthorised use of the app so it’s in their interest to make sure that it’s secure…

1 Like

It is not a matter of security but privacy.

When you let your kids or friends borrow your phone and they are able to go into your account and view balance and transactions, that is poor.

You should not need to download another app like Norton AppLocker just to make up for this dire lack in the Monzo app.

Instead of wasting time tweaking the app to send emojis to fellow Monzonauts they should spend their time adding something useful like a 4, 5 or 6 digit PIN to secure users’ account information.

Without such a privacy move anyone can go into the app and view balance, transactions, home address, email address, turn on the magstripe or close the account!

7 Likes

Radeklat’s post was about security. And as you know, fingerprint protection is on the roadmap.

It’s not hard to set up the Norton app is it?

1 Like

If it isn’t needed, why does the iPhone app have the feature?

2 Likes

I didn’t say it’s not needed but it’s a privacy feature, not a security feature -

Not everyone has a fingerprint reader or can use such a reader. The simple addition of a PIN, oft mentioned in this forum, would be a better solution, and as people have suggested with an option to toggle on or off in the settings.

Personally I think it is disgraceful that the bank don’t seem to give a damn about our privacy. It is all very well worrying about security and transfer of money but privacy and unsanctioned viewing of your transaction data etc is something they should seriously address.

3 Likes

I really don’t understand why Android users have to defend the feature and Monzo / iPhone staff and users argue against it when iOS has it.

3 Likes

I’m not arguing against the feature either…

There’s a queue of features on the roadmap & this is one of the features that’re waiting to be built.

3 Likes

Do fingerprint auths not generally revert to pin or pattern on Androids that don’t have fingerprint readers or when fingerprint authorisation has failed?

EDIT: I would expect Monzo to have PIN as backup when no fingerprint reading is possible. What way does it currently work on Monzo’s iPhone app?

1 Like

It’s disingenuous to describe it as “unbelievably insecure” for this reason, when other banks are still fucking up certificate pinning, SSL verification, password storage and other actual security issues.

Sure, some form of access control functionality might be useful. I still think the Android screen lock and PIN re-prompts are acceptable, though.

2 Likes

I’m curious, do people who want the Monzo app to have a PIN lock or similar not have similar complaints about:

Gmail
Facebook
Twitter
Photo gallery
etc?

Every time my phone screen powers down, it needs to be unlocked before it can be used again. That’s good enough for me. I’m genuinely baffled by the “but when I give my phone to other people…” argument as the same also applies to the apps listed above. I wouldn’t want anyone accessing (and therefore potentially hijacking) my email, posting fake updates on my Facebook or Twitter, or freely scrolling through my photos - but I don’t want every individual thing locked. I simply just don’t hand my phone over to be used unsupervised.

Am I unusual in this? My phone in and of itself is so inherently important to me that I’d no more hand it over freely than I would my wallet. And as I say, I protect the phone itself so it locks when not in use. If every single app also had its own individual lock - Monzo included - then the increased friction would start to frustrate me. Indeed, my other banking apps are something of a chore to use due to their ‘security’ features, and one of them has locked itself (I think because I didn’t use it enough) and needs faffing around with their site from my desktop to reauthorise it. Guess what - I haven’t yet.

tl;dr Monzo’s current functionality suits me just fine.

13 Likes

Yes, my Outlook has a PIN, my Facebook and Twitter have a password… so why not Monzo?

2 Likes

Well said that man, I could not agree more :clap:

3 Likes

I still don’t understand why it is such a bad idea to have an option similar to iPhone. Bottom line is - if you have your phone unlocked - accidentally or not, you can transfer money to yourself without further security - all it takes is you being a contact on the phone.

It is an effin financial app - if it would be just about looking at transactions etc., fine - I don’t care - but you can transfer money at a single click …

Even the amex app has additional security and you can’t even transfer money with it.

1 Like

Any time an app gives me the chance to protect it I turn it on. Rather than apps having to choose to include it, I think it would be great to have it built into the OS. Extra view under security where I can turn on TouchID/PIN security for apps. In the same way I can limit mobile data.
I’d feel much happier letting my sons play games on my phone if I knew they couldn’t open a majority of the apps. I know guided access exists but that’s not always useful when they change games every 30 seconds.

Even my reddit app has TouchID/PIN to open it. I think it’s reasonable to expect a financial product to cover all bases when providing an element of security.

2 Likes

*Privacy :wink:

Meh, the security provides the privacy.

3 Likes

The semantics matter here because a) the app isn’t insecure (so security doesn’t need to be improved - or at least it doesn’t based on the discussion we’ve had so far) & b) you can use different approaches to manage privacy vs security.