Monzo Desktop App - WIP


(Andre Borie) #41

Non of the keys that are stored in the keychain are readable in plain text, they need to be decrypted with salts that are built into the binary itself.

The tokens can always be extracted, and the attacker can then reverse-engineer the hashing by downloading the binary on their own machine and reversing the encryption. :wink:

I think on the Touch Bar MacBooks you could set some attributes on the keychain entries to enforce Touch ID before revealing the tokens, which would make it actually secure by having the OS enforce that, no matter which app is trying to access the tokens, as long as it doesn’t have root access.

Either way, it’ll be 100% optional - If you don’t want that extra step, you don’t need to!

:heart:


(James) #42

As I said, not bulletpoint - I do appreciate people questioning the security though! If you see room for improvement then please do shout (or DM me)!

Fantastic idea, had noticed the APIs - I’ve added it to my notes to investigate when I get to the point of putting a wall in front of the app! Thanks again :heart:


(James) #43

Todays priorities has been getting things ready for the first round of testing :heart:

  • Enable "Check for updates… functionality
    • Pending preferences pane to allow opt-in for beta builds too (Obviously the first one will be beta anyway)
  • Add “Submit Feedback” dialog which allows you to report bugs, suggest ideas and provide general feedback
  • Add a system for detecting crashes and exceptions, allowing for those sorts of bugs to be fixed much quicker! :rotating_light:
  • Renamed the app, replaced the app icon and other minor tweaks
    • This change was asked for by Monzo staff, as it looked too official
    • This hasn’t been completely confirmed yet, and is subject to change

Also for the sake of convenience, I’ve set up a super quick Google Form in order to receive beta builds! :bug:

The application is being built to be as simple to use as possible, so this is limited to just technical people - but as with any totally new application you can expect to see issues especially in the first betas! :see_no_evil:

I’ve sent a handful of builds of a “read only” version to people on the developer Slack and am already fixing some issues and making many improvements! Very exciting, and the feedback has been amazing :heart:

  • Preferences and OSS Acknowledgements pages have been added
  • Images have been compressed reducing overall application size
  • Updated some of the documentation within the app
  • Defined placeholders throughout the application
  • Fixed the app icon I made earlier because it wasn’t centered and it was really annoying me
  • Added a hover state and pointer cursor to make it more clear transactions are tappable!

(James) #44

Some big changes this evening as I change focus a little bit, having discussed with friends I worked out if I bought some things forward (work that was planned as part of beta 2) then it would make other things go a lot quicker!

As such I’ve transitioned all transactions to a new system which allows for caching, easier refreshing, and most importantly live updates of UI when you make changes!

  • Introduced drag and drop image/attachment upload on a single transaction
  • Allow users to delete attachments
  • Speed increase to transaction list view
  • Support all currencies in all places (meaning support for non-GBP accounts)
  • Fixed issue where help messages didn’t marry up with actual checks (causing confusion)

Might not sound a lot, but under the hood a lot has changed and it should make further changes much easier!

Also big thanks :heart: to the couple of alpha testers who have been looking at the “read only” build and reporting issues! Will be contacting more people soon enough!

Update 6th July

  • Added support for keyboard shortcuts throughout login flow (Copy, Paste, Select, etc)
  • Basic account switching functionality without needing to reboot the application
  • Use cached transactions to speed up initial launch, only waiting for newer transactions before showing
  • Modifications to Keychain means fewer requests to unlock your keychain (prevents about 5 alerts on startup)

Refresh and account switching work is still pretty basic and will evolve through the next few betas to make it quicker and more reliable!


#45

Great work :+1::+1::+1:


(James) #46

England are not the only one bringing it home! :soccer:

Done today:

  • Transfer money between Pots and Account, and vice versa
  • Update Category is now functional (including mass edit transactions :raised_hands:)
  • “hide_transaction” and “hide_amount” metadata is now respected
  • Made the location of a transaction tappable (opens in native maps)
  • Update Notes is now functional (including from mass edit :wink:)
  • Started rewriting a lot of my network calls to make them more clear and easier to scale
  • Mass Upload Attachments
  • Account/Pot Picker for Transfer Funds

I’ve uploaded some new screenshots to the link in first post :heart:

Edit:// Finished pretty much the main functionality, so going to start prepping the next release!

:heart:


(James) #47

Having a lot of great feedback and successes using the beta version of the app which is great to hear. I’ve also created a public GitHub project in order to make it clear some of the things I’m working on and let people contribute original ideas, feedback on existing things or just plain bugs!

Happy with the number of testers for now, but will happily send it on to more people once I’m ready with the third build containing even more functionality and hopefully some nice design improvements!

:heart: Thanks again for all the love and support


(Liam Norris) #48

This looks incredible, simple and very elegant… Amazing work James


(Jamie) #49

looks good, I’d definitely be interested in this, if you need any testers then give me a shout! :slight_smile:


#50

Great effort, was thinking of doing something similar myself. Would be interested when you want more testers