Application opens without any authentication

Issue:
Default post-install state - The application opens without any authentication. No PIN or any other auth is required to open the app to gain full access to the account.

If a person loses their phone, they also lose their finances.

Details to reproduce:
Tap it, app opens revealing full access to account.

OS:
Android 8.0.0
Device:
Samsung Galaxy sm-g930f

App Version:
2.65.2

Screenshots:

You can’t transfer any money out without entering your PIN or biometric

New install requires SCA and you can enable an app lock if you wish

5 Likes

What’s SCA? And don’t you think that a successful authentication should be required by default to open the application?

No other banking app that I have come across will allow anyone to see balances, transactions etc without first authenticating.

Enabling things after install is not a good security policy. The average user is not aware of the threats and trusts that Monzo know what they are doing. I know people who have no lock on their phone and leave it lying around.

Strong customer authorisation. You need to enter your PIN to open the app after installing it

All other banks let you move money once you’ve logged in, Monzo requires authorisation at that stage.

I don’t know anyone who doesn’t have a lock on their phone. That would expose your email account which is a lot more dangerous than seeing where you shop

3 Likes

There’s plenty of discussion on this elsewhere. Please use the search before creating new threads about old topics.

3 Likes

What is your interest here? Are you an employee of Monzo or just another customer?

You seem more interested in fencing with me than anything else.

I’m not here to argue or debate with you, I’m here to report a bug / misconfiguration.

If this is the kind of response issued to a commercial client when a concern is raised then this does not look good for Monzo.

Not a bug. Monzo have configured it this way, you can change that configuration if you’d like.

1 Like

It’s not a bug, it’s a feature and it’s actually a big reason why I and many others use Monzo.

By removing the friction of logging in to your account you’re more likely to check your balance and keep on top of your finances.

If you want to actually move money out of the account you’ll need either your PIN number or biometric authentication. You’ll also be occasionally challenged for a PIN or biometrics in general use.

If you’re concerned then you can turn the app lock on in the settings.

8 Likes

This is a community forum. The Coral Crew are not employed by Monzo.

You’re right, there is no need to argue or debate this matter, as it is neither a bug nor a misconfiguration, merely a matter of choice.

6 Likes

2 replies, one of which was replying to you asking what SCA was!

jeez…

6 Likes

Yes, I do wish you’d stop being so helpful. Must be all that cash money Monzo keeps paying you, keeps you eager… :rofl:

2 Likes

That you don’t agree with a design decision doesn’t make it a bug.

Hi there John :wave:

As other users have mentioned, this is neither a bug nor a misconfiguration. It’s an intended design / UX choice.

Our app is designed in such a way that you would need to know the PIN to actually take any notable action within the app. However, if the user would like to enable additional security for their own peace of mind, we have the option to enable fingerprint unlock or FaceID.

It’s perhaps worth pointing out that in an investigative report, the BBC considered our security to be above all other banks in the UK.

8 Likes

Thank you for your response Simon. May I respectfully suggest that you consider moderating this bug report forum in future, as the aggressive and adversarial responses before yours to my attempt to help have left a bitter taste. Word of mouth is a powerful marketing tool and a switch to a competitor is a few taps away, and others may be discouraged from seeking help or reporting bugs in future. I know I won’t bother.

I am a developer who regularly uses bug trackers and this is a bit of a farce.

I am grateful for your cordial and constructive response, however I can assure you that the BBC have nothing to do with concerns, only that when comparing with Bunq and Revolut, Monzo leaks the most personal information and uses the least amount of preventative security.

Cheers and best of luck in the future.

Hi @johnsmith12. You may wish to familiarise yourself with the community code of conduct, particularly:

Forum Etiquette :memo:
We avoid:
Responding to a post’s tone instead of its actual content.

The replies you got were polite and factual, and I think you were reading a tone into them which was never actually there.

best regards

6 Likes

For future reference the bug report forum is actually located here Bug Reports

It got moved out of there as it isn’t a bug.

6 Likes