Login fails when Monzo app is locked


#1

On Android lineagOS 14.1, using Avast Pro anti-virus.

I have ‘locked’ Monzo (and my gmail app) using Avast, which means I can’t open the Monzo app without entering a pin. So far so good, and all working well.

If I log out of Monzo, and then log in again, you send me an email and I have to press the button in the email. This fails to work if the app is locked when I enter the avast lock pin, and I end up in an endless loop, failing to log in. I have therefore unlocked Monzo for now, and all is well again.

There are several ways people can lock apps on mobiles - Avast is just one. You may want to look at this type of scenario and see if you can find out what the problem is.


#2

If Monzo had a pin so we did not need to resort to Avast or Norton App Locker to make up for the lack of any privacy setting in the Monzo app it would be a great enhancement


#3

Does anyone from Monzo have a comment on why having an avast lock on the app prevents top-ups?


(Alex Sherwood) #4

It looks like you’ve answered your own question :slight_smile:

it sounds like that interrupts the authentication process so perhaps you can set Avast to only require a PIN after x minutes? Which would hopefully solve the issue.

If not, it’s worth noting that users who use the Norton app haven’t reported this issue so you could try their app instead, although I appreciate the fact that you might not want to add another app for this…

You might be able to just leave the app unlocked & use guest accounts when you give your phone to others too?


#5

Maybe comparing Norton and Avast perhaps one uses an overlay (which is regarded by many as a potential risk factor) and that leads to the issues seen


#6

depending on OS version…older Android versions don’t have this yet the user may not be able to upgrade OS due to a newer version not being signed off for that model of device


(Alex Sherwood) #7

Good point, if you haven’t updated your OS since towards the end of 2014, you won’t be able to use this feature (& your device is exposed to lots of security vulnerabilities).

Edit - Andrew’s just pointed out that this is irrelevant.


(Andrew Schofield) #8

Given the Monzo Android app requires Android 5.0 (lollipop) or above, any device with Monzo installed will support guest mode.


#9

I don’t understand in what way I’ve answered my own question - could you please clarify.

Unfortunately the Avast lock doesn’t include a time delay. Changing security apps for the sake of one app that has a problem is something I’m quite unlikely to do - I’d probably get problems somewhere else.

I’ve never given my phone to someone else, and don’t expect to any time soon. However, someone could nick it, and in my view any extra layers of security on financial apps are worth having.


#10

And this is the one and only app out of 30 or so on my phone that has a problem with locking.


#11

I have a Samsung with 6.0.1 and it does NOT have a guest mode but another Samsung with 4.4.4 that does!


(Alex Sherwood) #12

The answer seems to lie in the behavior that you’ve described.

That’s a shame, I totally understand your reluctance to switch / adopt another app for this.

It’s worth mentioning that Monzo see protection for the app as a privacy, rather than a security feature & the lock on your phone itself should be sufficient protection. Bearing in mind that in the unlikely scenario that someone steals your phone & bypasses it, Monzo will be liable (bearing in mind their T’s & C’s of course) for fraudulent use of the app.

Lastly, this problem will go away (for most users) once fingerprint protection is added to the Android app.


(Andrew Schofield) #13

OK, maybe I should clarify with “if your handset manufacturer doesn’t intentionally cripple your device” (for the marshmallow one). The KitKat device will have a bespoke implementation not part of the underlying OS.


#14

I give in. I’ve no idea in what way I have found an answer to what appears to me to be a problem with the Monzo app. I was hoping for someone at Monzo looking into the problem and seeing if they could find a fix for their app.

I am also puzzled as to the discussion has spent quite a bit of time on android versions and guest accounts (I’m on LinageOS 14.1 as stated in the 1st post).


#15

Thinking about the security of this app, Monzo really should consider adding at least an optional Pin to access it. I can log in with no security at all (unless I lock my email client), and transfer money out. So this is not just a privacy issue. Relying on users to protect their phones is not, in my opinion, enough. As far as I know no other banking apps are as open as this. It is real money after all.


(Alex Sherwood) #16

That’s one for this topic :slight_smile: where hopefully, you’ll find find that your concerns have been addressed -