Security (iOS): Touch ID auth only required when opening the app for the first time


(Marcel Ruhf) #1

Hi there,

I have originally posted this in another thread in the Ideas section, but after seeing that some people appear not to experience this while others (including myself do), I think it is more appropriate in this section, so here it comes.

(This is in regards to the iOS app)
I have noticed that after opening the Monzo app for the first time in a session (with which I mean a continuous period of time where the phone is switched on) and closing it (pressing the home button once), it does not ask you to authenticate again when re-opening it.

I am running iOS 11.2.2 on an iPhone 7 Plus, so no FaceID present (as it was suggested in the other thread that the authentication could have happened so fast that we wouldn’t notice).

Also, it seems like all details that were previously visible on the app can be view from the task manager when double-tapping the home button as well, rather then being hidden.

I would suggest changing this.

Cheers.


(Change Works) #2

I’ve just checked this on my iPhone 6 using iOS 11.2.2 and can’t replicate your problem. Maybe an iPhone 7 issue?


(Marcel Ruhf) #3

Just to be certain I disabled and re-enabled the Touch ID Unlock toggle in the app’s settings and restarted my phone, and it seems to work as expected now :confused:
For some reason other apps were working as expected throughout, so I assumed it was something app-specific.

As far as I’m concerned, this is resolved :+1:
Thanks for everyone who chimed in (including the previous thread)!


(Peter McDonald) #4

I also have this issue however disabling and re-enabling Face ID has not resolved the issue. Face ID is only being checked on the app initially opening. If I restore from sleep it goes straight into the app. I have ensured that Face ID couldn’t see me well enough to activate.

I am on iOS 11.2.2 on an iPhone 10.

I even rebooted the phone to be sure but the problem persists. As with @MRMR all other apps are working as expected.


(Marcel Ruhf) #5

This seems to be a weird issue.


(Jolin) #6

Have you sent a message to in-app support about this? You’ll probably get more useful help that way as this sounds like a bug. Please do post here if you get/figure out further information. :pray:


(Peter McDonald) #7

Turns out this is a known issue that is expected to be resolved in the next release.


[Feature Request] App Switcher should hide contents of Monzo account
Security: Touch ID / Passcode when opening the app the second (or n-th) time
#8

I think that it would be useful if not essential for there to be a ‘security’ category!

I can access the app at any time without having to enter my pin (even after shutting down and restarting my phone) and it is a gaping security problem!

I also have a capital one card which has a 6 digit passcode rather than the 4 digit code used with Monzo and which automatically logs me out of the account after a set time. I’m also able to log out of the account myself which Monzo don’t seem to provide. Monzo need a similar level of security with their app I believe

I am also able to add funds from another account without reauthenticating which I consider to be potentially another security flaw!

How quickly is it possible to address these issues please


(Marcel Ruhf) #9

@G-D Is “Require Touch ID to unlock app” activated under “Account” >> “Settings”?
I’m just curious since I always had to use Touch ID when first opening the app with this option turned on (and rightly so).


(Dan Bennett) #10

Certainly check what @MRMR stated - but this sounds more like an odd bug you’re experiencing rather than a widespread issue.

If you do have “Require Touch ID to Unlock App” activated - try deleting the app and re-installing (which means doing the settings again…). Just to rule that out…!

If it still doesn’t work, raise this with the in-app chat?


(Peter McDonald) #11

As mentioned it is a known bug that should be fixed in the next update.


(Peter McDonald) #12

I have downloaded the new update that was released today. Unfortunately the issue persists. I have update the support chat to reflect.


#13

Hi guys. Exact same issue here, on a iPhone 7 Plus with iOS 11.3. Both Touch-ID related options are on but the Monzo app only asks for my touch id at the first time I open the app. I think this is a serious matter and it must be fixed as soon as possible. It is sad to see that this thread was created in January and still this bug has not been fixed as it compromises the app security.


#14

Not really. As long as your phone is locked it’s fully secure


(Marcel Ruhf) #15

This is a strange one - I had for a few days (while still on iOS) and then it magically disappeared. Logging out and reinstalling didn’t help.


#16

Best keep your phone in a safe though, to increase security. :roll_eyes:


(Danny) #17

I don’t have TouchID or a pin activated on my Monzo app coz I have TouchID already on my phone and I don’t leave it lying about unlocked :upside_down_face: :eyes:


(Will Stone) #18

I’m having this issue too: iPhone SE.

Basically the “Require touch ID to unlock app” doesn’t do anything unless I kill the app, but we shouldn’t need do that each time. My Halifax app asks for touch ID if I leave it and return, so I assume this is possible, and not a limitation of iOS.


(mxt321) #19

I have the same bug, iPhone 7, just updated to the latest Monzo app (incl. Summary), latest iOS: 11.3.1

I have also activated the “Touch ID to unlock app” setting, although for me this only works if I restart the app, not if I open it again from the app switcher.

This is a real security issue and should be addressed.


(Peter Shillito) #20

So I have an X and use Face ID for stuff like this. It seems to only be occasionally when I am not required to use Face ID to get back into the app, and it seems to be on a timeout (i.e. if I’ve not gone back to Monzo after like 2 minutes it locks)