Many banks have tight security over their Android apps, two of the most common forms are:
Use of the SafetyNet API - AndroidPay uses this and it essentially blocks you from using an app in the event you are using a modified device unless you have Magisk also installed on your device. Non-modified users will likely never know this security layer is in place.
Pro: Very difficult to bypass for non-experienced users.
Con: Many users have legitimate reasons for modifying their devices.
Use of Flag_secure - This stops a user from taking screenshots of an app, it also prevents the app displaying content when viewed in the “recent apps” panel.
Pros: Stops someone who has access to your device copying sensitive information
Con: Would severely stunt the ability to share information intentionally such as the in-chat support.
I imagine in the future as Monzo increases in size and evolves there will likely be increased pressure to improve in-app security, while I don’t necessarily think the above are necessary at all I would like the ability to lock the app with fingerprint or pin. What do you guys think?