I understand that popular Banking Mobile Apps provide this feature. This is used to mask key data when the user has logged out. The mode is turned on when the user is logged in.
The forum knows about this. But I just want to understand how the server API is involved in this. The mode is wholly controlled in the mobile devices? Is that right?
Other banks have started this too. We assume that this is a state maintained entirely in the mobile application. Since this deals with security and masked data when the user is logged out I am just being cautious.
I'm not sure what you mean. This is to make the numbers illegible when the app is open and on your screen. If the app is closed and you're not authenticated then there's nothing anyone could see anyway?
So the user logs in and sets up this mode. The mode is set up in the mobile app without involving the server. The requirement is to allow the user to log out of the server but still view some masked details quickly. The idea is that this will help the user to quickly view some balances. These details are visible only for a short period of time. They vanish after that.
The mobile application is not closed. If it is closed the state is cleaned. The preferences do not last once the application is closed and opened again.
I still don't get it, but in any case we're just a bunch of fintech enthusiasts here with zero input to what banks end up doing – might be better providing this as feedback to a bank of choice?
This does feel very niche and technical and, as such, the topic may not get too much of an airing. There may be developer forums where the conversation can evolve. Good luck with it, anyway.
My guess would be that the application is in some kind of "suspend" state, kept in memory but not active.
I don't have enough technical knowledge about the systems of banks or app development to really know if that is actually the case, though.
I think that's what you mean if you are talking about how banking apps quickly "cover" the screen when you go into multitasking.
If you are talking about something else, like HSBC Fast Balance style functionality, then that is not independent of the bank's servers. That works by authenticating the device and registering it with the bank as a trusted device first of all. Setting up the Fast Balance functionality then uses some kind of token to identify the authenticated device to the bank, and it refreshes the balance by connecting to the bank servers with this authenticated token only (not the usual login procedure) in the background. Essentially, it is not authenticating the user, only the device. This does create a potential privacy risk but it is one the user has willingly opted-in to by setting up the feature.
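The device-only token flow described in the post above, sketched server-side as an added example; it is not part of the original thread and not any bank's actual implementation. The token format, scope names, device registry and balances are assumptions constructed for illustration. It shows why such a token should be bound to one device, limited to a read-only scope, time-limited and revocable.

```python
import base64, hashlib, hmac, json, time

# Everything below is constructed for illustration (hypothetical names and data).
SERVER_KEY = b"constructed-demo-key"            # a real key would live in an HSM/KMS
BALANCE_SCOPE = "balance:read"                  # assumed scope name
TRUSTED_DEVICES = {"device-1234": "acct-001"}   # device id -> account
BALANCES = {"acct-001": "1523.40"}

def _sign(body: str) -> str:
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_device_token(device_id, now=None, ttl=30 * 24 * 3600):
    """Issued once, from inside a fully authenticated user session."""
    if device_id not in TRUSTED_DEVICES:
        raise PermissionError("device is not registered as trusted")
    now = time.time() if now is None else now
    claims = {"dev": device_id, "scope": BALANCE_SCOPE, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body)

def verify(token, required_scope, now=None):
    """Return the claims if the token is authentic, live and in scope."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None                      # forged or tampered
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= now or claims["scope"] != required_scope:
        return None                      # expired, or wrong privilege
    if claims["dev"] not in TRUSTED_DEVICES:
        return None                      # device was revoked server-side
    return claims

def fast_balance(token, now=None):
    """Read-only endpoint: identifies the device, not the user."""
    claims = verify(token, BALANCE_SCOPE, now)
    return BALANCES[TRUSTED_DEVICES[claims["dev"]]] if claims else None

def make_payment(token, now=None):
    """Needs a scope that device tokens never carry, so it always refuses them."""
    return verify(token, "payments:write", now) is not None

def revoke_device(device_id):
    TRUSTED_DEVICES.pop(device_id, None)
```

Because the token proves possession of a registered device rather than the user's identity, the server-side scope check and revocation list are what keep a lost phone from exposing more than a balance.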
This is done on device, and the implementation for banks will generally be the same as any other app that wants to hide the content in the app switcher.
Fairly simple to implement, and won't require any server-side changes, or even require a connection to the server.
More here:
Other obfuscation features like that offered by N26 are likely to be achieved in a similar way, albeit activated by a toggle, rather than application state. All it's really changing is how the app renders and styles its content.
You could have a flag for this that will save the state server-side so it persists across sessions, but the actual heavy lifting will be done on device, locally in your app or browser.
The app switcher seems an obvious one for me, nobody can glance at what your balances are over your shoulders when switching apps or if they have your phone and swiping through the app switcher (I'd never allow that).
The obscuring details when the app is open is one I don't understand. I've seen it marketed as "you can show off all the amazing features without revealing your finances" but I don't know anyone who would get excited over an app and want to see. Plus it can very easily be untoggled too.
Obscuring the app switcher I think is just good practice.
Some sort of scramble mode is very handy for fixing bugs. I've reported a few things to Emma and I just toggle scramble mode and then can do screenshots without worrying about personal data or obscuring details.
That's basically how I had always guessed multitasking worked, although I hadn't read the documentation.
Mobile OSes like iOS obviously use very aggressive memory management techniques (not least because a lot of iPhones have very little RAM) so the way multitasking presents effectively a screenshot in the app switcher while being able to unload the app entirely if low on RAM makes sense. This is just taking that idea and changing what gets presented in the switcher, so it is like a pre-defined screenshot with no personal details.
As you say, it's not that technically complicated at all so it definitely makes sense for banks to implement it.
All values that are specific to your account are hidden. It still shows the value of crypto "coins" and their increase/decrease, but hides everything personal. A good implementation.
That is quite slick, but I still think these features are more gimmick than genuinely useful.
Especially with Face ID being so quick and easy (as long as you are not wearing a mask) authentication is simple and there is usually no need to hide the data.
It's not completely useless, just a fairly niche feature.
Or wearing a watch whilst donning a mask! Functionality I was hoping they'd expand system-wide. If it's good enough to bypass your password system-wide on the Mac, it's good enough to get the same functionality on iOS.