Monzo app includes Google Ads and Google/Facebook tracking libraries

Regularly sending the I.P.

Whilst Monzo might only be using the data for what they say, as pointed out the regular traffic show more than necessary is being sent and processed.

OK. Opinion then rather than knowing something extra, specifically?

Hence the words ‘look like’

Thanks for clarifying. I’m out of my element in web based stuff so I was trying to work out if there was something behind what you were saying that I was missing.

I reckon Monzo have to supply all or nothing to use the Facebook plugins.

But some people try to keep their online trail to a minimum , and that can be done with using privacy focused browsers etc, but constantly letting Facebook know about someone’s devices and locale is not something I think is ‘fair’

This seems… Worrying.

Particularly the on device free/used space numbers. This can be used as a very effective method of fingerprinting an individual user.

Thanks for raising this, all. So at the moment it seems we’re using the FB SDK “as-is”.
It’s quite possible that it is running more often than we would need it to, and perhaps operating in manners that aren’t necessary. We’re looking into it to find out, and will find out if we’re able to disable parts of it whilst still maintaining the behaviour we require.

Here’s a good example by the Met Office, giving privacy conscious users a way to disable analytics:

Screenshot_20190913-094121.png1080×1920 106 KB

Really keen on hearing the results of this - seems daft that you need to put FB code on my phone in the first place even for install tracking.

Monzo is free, if it’s free you’re the product.

Facebooks tracking libraries are free to Monzo too because customers are the product.

They like data.

A bank is not the same business model as an advertising company, so apples to oranges.

Any update on this more generally, @simonb?

Hey all

Thanks for the prod @BenLeo

Just followed up on this and we’ve managed to disable the Facebook SDK post-signup on Android

So, on Android now it calls the SDK once on signup (for the ad tracking which we mentioned before) and then disables it, so there shouldn’t be any calls to any Facebook APIs after you’ve signed up.

Once we’re 100% certain it doesn’t break anything that we need (we’re pretty sure already) then we can push the changes to iOS as well.

I’d like to say thanks to all of you who raised concerns over this behaviour. This was never anything surreptitious on our part, and I think this is a great example of the community both holding us to account and helping us to improve things. So a big thank you to you all!

What’s the behaviour on Android for people who previously signed up before this change - is it disabled now for them too?

Yep!

Nice

This is excellent news.

A big well done to Monzo for this. A legitimate issue was raised and Monzo fixed it.

Glad to see some movement on this, I brought this up multiple times on twitter with no success. I will look forward to seeing these changes in the iOS app.

However, I still have concerns about tracking in the Monzo app:

1. The ad tracking on sign up should either be non existent or shared upon explicit extent
2. What about the rest of the trackers in the iOS app? - Crashlytics/fabric/answers, Google Maps, the various Firebase libraries

Wonderful news, thank you! Very happy.

Hi, how long until this change is made in the iOS app? - there have been at least 6 updates since this announcement and there are still multiple calls being made to graph.facebook.com.

I would also like to note that there are also still multiple requests being made to these domains: play.googleapis.com, reports.crashlytics.com, cloudconfig.googleapis.com, app-measurement.com - there may well be more; this is just what I’ve observed on some of the main screens/actions in the app.