Monzo Desktop App - WIP

Non of the keys that are stored in the keychain are readable in plain text, they need to be decrypted with salts that are built into the binary itself.

The tokens can always be extracted, and the attacker can then reverse-engineer the hashing by downloading the binary on their own machine and reversing the encryption. :wink:

I think on the Touch Bar MacBooks you could set some attributes on the keychain entries to enforce Touch ID before revealing the tokens, which would make it actually secure by having the OS enforce that, no matter which app is trying to access the tokens, as long as it doesn’t have root access.

Either way, it’ll be 100% optional - If you don’t want that extra step, you don’t need to!

:heart:

2 Likes

As I said, not bulletpoint - I do appreciate people questioning the security though! If you see room for improvement then please do shout (or DM me)!

Fantastic idea, had noticed the APIs - I’ve added it to my notes to investigate when I get to the point of putting a wall in front of the app! Thanks again :heart:

3 Likes

Todays priorities has been getting things ready for the first round of testing :heart:

  • Enable "Check for updates… functionality
    • Pending preferences pane to allow opt-in for beta builds too (Obviously the first one will be beta anyway)
  • Add “Submit Feedback” dialog which allows you to report bugs, suggest ideas and provide general feedback
  • Add a system for detecting crashes and exceptions, allowing for those sorts of bugs to be fixed much quicker! :rotating_light:
  • Renamed the app, replaced the app icon and other minor tweaks
    • This change was asked for by Monzo staff, as it looked too official
    • This hasn’t been completely confirmed yet, and is subject to change

Also for the sake of convenience, I’ve set up a super quick Google Form in order to receive beta builds! :bug:

The application is being built to be as simple to use as possible, so this is limited to just technical people - but as with any totally new application you can expect to see issues especially in the first betas! :see_no_evil:

I’ve sent a handful of builds of a “read only” version to people on the developer Slack and am already fixing some issues and making many improvements! Very exciting, and the feedback has been amazing :heart:

  • Preferences and OSS Acknowledgements pages have been added
  • Images have been compressed reducing overall application size
  • Updated some of the documentation within the app
  • Defined placeholders throughout the application
  • Fixed the app icon I made earlier because it wasn’t centered and it was really annoying me
  • Added a hover state and pointer cursor to make it more clear transactions are tappable!
9 Likes

Some big changes this evening as I change focus a little bit, having discussed with friends I worked out if I bought some things forward (work that was planned as part of beta 2) then it would make other things go a lot quicker!

As such I’ve transitioned all transactions to a new system which allows for caching, easier refreshing, and most importantly live updates of UI when you make changes!

  • Introduced drag and drop image/attachment upload on a single transaction
  • Allow users to delete attachments
  • Speed increase to transaction list view
  • Support all currencies in all places (meaning support for non-GBP accounts)
  • Fixed issue where help messages didn’t marry up with actual checks (causing confusion)

Might not sound a lot, but under the hood a lot has changed and it should make further changes much easier!

Also big thanks :heart: to the couple of alpha testers who have been looking at the “read only” build and reporting issues! Will be contacting more people soon enough!

Update 6th July

  • Added support for keyboard shortcuts throughout login flow (Copy, Paste, Select, etc)
  • Basic account switching functionality without needing to reboot the application
  • Use cached transactions to speed up initial launch, only waiting for newer transactions before showing
  • Modifications to Keychain means fewer requests to unlock your keychain (prevents about 5 alerts on startup)

Refresh and account switching work is still pretty basic and will evolve through the next few betas to make it quicker and more reliable!

8 Likes

Great work :+1::+1::+1:

1 Like

England are not the only one bringing it home! :soccer:

Done today:

  • Transfer money between Pots and Account, and vice versa
  • Update Category is now functional (including mass edit transactions :raised_hands:)
  • “hide_transaction” and “hide_amount” metadata is now respected
  • Made the location of a transaction tappable (opens in native maps)
  • Update Notes is now functional (including from mass edit :wink:)
  • Started rewriting a lot of my network calls to make them more clear and easier to scale
  • Mass Upload Attachments
  • Account/Pot Picker for Transfer Funds

I’ve uploaded some new screenshots to the link in first post :heart:

Edit:// Finished pretty much the main functionality, so going to start prepping the next release!

:heart:

9 Likes

Having a lot of great feedback and successes using the beta version of the app which is great to hear. I’ve also created a public GitHub project in order to make it clear some of the things I’m working on and let people contribute original ideas, feedback on existing things or just plain bugs!

https://github.com/Sherlouk/Morezo

Happy with the number of testers for now, but will happily send it on to more people once I’m ready with the third build containing even more functionality and hopefully some nice design improvements!

:heart: Thanks again for all the love and support

12 Likes

This looks incredible, simple and very elegant… Amazing work James

3 Likes

looks good, I’d definitely be interested in this, if you need any testers then give me a shout! :slight_smile:

1 Like

Great effort, was thinking of doing something similar myself. Would be interested when you want more testers

1 Like

Great effort!

I am interested in this, any updates?

How are you handling authentication for this and also the notes by Monzo about not being a production API and having public users use your app?

I am thinking of building a tool also but concerned about Monzos view on these types of apps.

1 Like

Hey Conor,

Just replied on Twitter - great to see your interest!

Authentication is handled completely in app (apart from the mandatory email link) as apposed to jumping out to Monzo’s solution. I’ve not had any fuss about this from Monzo themselves, but that’s not to say they won’t try to avoid people doing it moving forward.

The notice about “this not public, don’t do public apps with it” is more of a warning in my opinion. Monzo have realistic limitations (like only collaborators, etc) to prevent excessive public apps.

I am in communication with Monzo and they seem to be quite happy with what I’ve produced (mostly) but I’ll be sure to let you know if that changes! :grimacing:

It’s worth noting that I’m building this completely in the mind that APIs will completely change and probably break massive parts of this. E.g. Pot Goals were broken for a while, but luckily this was recently just fixed by Monzo after I (and a few other people) raised the issue!

Hey James, Is development still ongoing on this application? I really like the look of it and would be keen to test it out if youre still working on it? thanks

1 Like

Hi Stephen,

I’ve had quite a few people asking for the functionality I’ve been providing but on Windows and Linux too but this wasn’t possible with the native approach I took and didn’t particularly fancy going down the route of a universal platform.

With that in mind I’ve changed direction a little and am working on an equally powerful (actually more so, in ways) online banking experience!

More information will be provided once it’s ready!

Thanks

6 Likes

Any chance to get the source code of the native macOS version? If you don’t want to work on it I’m sure someone else would like to pursue the adventure.

Unfortunately I don’t plan on doing this, as mentioned throughout this thread and other discussions the whole project started as a challenge to myself as I’d never done macOS development before. I made quite a few mistakes which made it incrementally more difficult in places as I continued, I wouldn’t want to use it as teaching material or even a platform for other people to improve on unless I was to do some major refactoring!

Learned a lot, and have already been putting it to use in a different app (not fintech related)!

4 Likes

This looks great!

1 Like

Is this project still alive? I’d love to give it a spin as well :slight_smile:

1 Like

A lot of the major complaints I received was “but I don’t own a Mac!?” so I’ve been working on an online version in the background with more powerful capabilities.

To answer your question more directly though, the desktop version isn’t going to be updated - sorry about that!

News will hopefully follow :soon: about the other Monzo projects I have in the pipeline

9 Likes

If you are developing a web-based application for Monzo have you thought about using the Electron framework so you can quickly port the web based version to desktops for both mac and windows?