Monzo with Friends: New Monzo iOS Update Out Now

Hope this is the best place for this pedantic bug report. I’m on iOS, v1.9.1.

In the Contacts tab, the “Contacts on Monzo”, and “All Contacts” headers are currently pinned to the viewport rather than the list below - so they remain visible when scrolling and overlap contact names. Could this be changed so that they scroll out of sight as expected?

A single list header remains visible while you’re scrolling, right? I wouldn’t expect it to scroll out of site personally, I think this is a design choice & it doesn’t get in the way for me (on an iPhone 6S)…

Hi Alex, thanks for the screenshot - leads me to wonder whether the fact I’m still on iOS 9.3.3 is the issue - I don’t have the white “header row” behind All Contacts - it’s simply transparent, which doesn’t look great when it overlaps with contact names. Screenshot here.

1 Like

Is your phone jailbroken?


Nope. iPhone SE, on vanilla 9.3.3 (by choice - avoiding iOS 10 for the moment!).

I think this topic should have its own thread under GDPR, as an Android user I’d never have found it if I hadn’t messaged the Admins via the app.
I’m still extremely concerned by what happens here.
Your customers ( e.g. me) are caught by the effects of GDPR upon them, (I.e. your customers’ employers) IF they have any business contact data on their phones. Put another way, my contacts are somebody elses’s personal data. They own it, not me, and they now determine what can happen to it and must be told if it is used without their consent.
From reading this explanation, their data is used in some way, to create whatever a hash is and then matched with a larger has from someone else’s personal data.

I run a head hunting business with some extremely sensitive contact data on my phone, yet my business makes no provision for this in its GDPR declaration, how can it? I shudder to think what my contacts would think if they knew their data is being used by a fledgling bank (that must be considered at financial risk as it is not making profits and still making cash calls on its shareholders).
Honestly, I am alarmed by phrases such as (can’t remember exactly) “we will not contact your contacts without your consent” implies you have the ability to contact them and “if Monzo shares / benefits from their data with third parties…” reinforces the belief you have access to their data.
It looks to me as though you are putting your customers and their employers at risk of breach of GDPR without their knowledge. The minimum I think you should do is seek legal clarification and clearance from reputable and suitably knowledgeable solicitors (or barrister) to reassure us that us, your customers, and our employers are not at risk.
I believe this to be urgent and I hope you will give it the highest priority.

You probably should look up what a hash is and read about the hashing process used as you could have saved yourself a long irrelevant post.

Could you reference where you have seen such phrases, as I can’t recall Monzo ever implying that they have access to our contact data in a way they can use it. I’d be interested to understand this further.

On the issue more generally, if you have these concerns you should to start with deny Monzo access to your contacts (the first time it tries to access them, your phone should put up a dialogue asking for Monzo to have permission). Then, once (if?) you are satisfied with how Monzo handles these data, you can enable it in the future.

Also, as a warning if you’re worried about sharing your contacts’ data with third parties (which I agree is a legitimate concern, and one I share): many chat, social network, and other apps will demand access to your contacts, and they do upload all details to a server in a way that the service can see and use these details (unlike Monzo’s approach where they essentially have a list of random strings). You need to be very careful what apps you use, and which you grant permission to access your contacts.

It’s highly relevant. Anything involving the use of my customer’s data is relevant to my business, including the creation of new streams of data.

I’m not an expert, but the training I’ve had on GDPR has indicated that it’s about other people’s personal data. A random set of characters derived from their personal data is not in itself their personal data because:

  1. It can’t be tied back to them, except by yourself (who already hold the personal data).
  2. It is meaningless to them. You could put the string on the front page of your website, and no one could do anything with it.
1 Like

I guess I’ll put it here as well, but is there any chance of hiding the “invite” contacts bit? It makes Monzo look more like a social media network than a bank.

A mixture of a message exchange with the customer service teams, the first post on this thread and the 2017 report and accounts

Additionally Monzo themselves only store the hashes of people who are already customers.

The app on your phone generates a hash, and then only sends part of it to Monzo. Monzo then responds with matching full hashes which are compared on-device, none of which could be considered personally identifiable.

Monzo have stated that they will allow you to use the payments page without having “payments with friends” turned on, which will alleviate the concerns anyway.


If you’re talking about this statement:

If you read the rest of the post, it’s clear that Monzo never transmit any contacts’ personal data off of your phone. The statement about them not getting in touch without your permission is to let you know that they’re also not going to start using the contact data from within the app on your phone to contact people. But this post is very clear that personal data from your contacts does not leave your phone (for this feature, at least).

I think that Monzo could/should post a statement about how they treat data like your contacts and photos (basically anything they ask access to) on their Transparency page.

There’s a link at the bottom where you can post a request for further topics to be considered for the page.

1 Like

Nobody is an expert on GDPR, because nobody has been sued under it yet. The indisputable point here is that, no matter how or where it happens, Monzo (an unknown third party as far as contacts on my phone are concerned) has matched data on my phone with data on lots of other phones and returned one of two results, both of which are new data.
Either my customers (and in return I) have a Monzo bank account, or my customers don’t have a Monzo account. This is NOT information I should have of my customers - either clients or candidates, and it was not given to me by my customer.

Yes, this is a good point. Though in this case it would be Monzo contravening the regulations (essentially providing someone else’s personal information to you, without their permission). There is a thread on GDPR, but it hasn’t got very far.

I think we are going to see more people separating their work and personal phone life.

I did this a while ago and keep separate contact databases for work and friends.

Maybe monzo could explicitly state that if you turn on payments with friends you are giving permission for your has to be matched?

Not sure why not? When you enable P2P payments (they are disabled by default and opt-in), Monzo makes it clear that you will a) be able to see who of your contacts has Monzo b) vice versa. That would presumably be within GPDR as you are agreeing to those terms?

I mean it says “People with your phone number will be able to see you are on Monzo”:


And I know the details of how this works have already been discussed but here is the explanation of how it works:



Good point. Only those who have opted in will show up on your contacts list, and by opting-in, they are giving permission for this information to be shared.

1 Like

I’m pretty certain that I can’t give consent on behalf of my customer to share their data. So I have no right to know that they have a Monzo account.