I really like not having to wait for a spinning wheel to “authenticate” my device, tell me I’m offline (I’m not), crash, ask me for random digit’s from my unmemorable information and card number and then, finally, tell me my balance.
I agree, maybe there should be some more authentication for carrying out actions. I don’t necassaily agree that opening the app constitutes a need to authenticate. After all, I can open the Google Play app and browse my purchased content and that to buy. When I actually want to make a transaction or change some account information - I’m asked to authenticate. As long as you have a passcode on your phone I don’t think there is necassaily anything to be very concerned about.
It is now trivial to remote wipe devices and most are encrypted. There has to be a balance between usability and security otherwise we’d all be going around with air-gapped devices and USB ports filled with epoxy - Monzo != PNC or MOD database. (I speak as a developer and pentester!)
(Edit: my balance and transaction history is personal information and yes can be used as a social engineering tool, but if someone has got that far I think I should be more worried about what else they are doing with my contact list, email, social media etc. As long as they can’t carry out an action without further auth I see no real issue)