Mobile App Discreet mode

I understand that popular Banking Mobile Apps provide this feature. This is used to mask key data when the user has logged out. The mode is turned on when the user is logged in.

The forum knows about this. But I just want to understand how the server API is involved in this. The mode is wholly controlled in the mobile devices ? Is that right ?

What is the technical opinion ?

Thanks.

I’ve only seen it in reference to N26. :thinking:

1 Like

Royal Bank (and I presume NatWest) do it too

2 Likes

Other banks have started this too. We assume that this is a state maintained entirely in the mobile application. Since this deals with security and masked data when the user is logged out I am just being cautious.

I’m not sure what you mean. This is to make the numbers illegible when the app is open and on your screen. If the app is closed and you’re not authenticated then there’s nothing anyone could see anyway?

1 Like

So the user logs in and sets up this mode. The mode is setup in the mobile app without involving the server. The requirement is to allow the user to log out of the server but still view some masked details quickly. The idea is that this will help the user to quickly view some balances. These details are visible only for a short period of time. They vanish after that.

The mobile application is not closed. If it is closed the state is cleaned. The preferences does not last once the application is closed and opened again.

Thanks.

I still don’t get it, but in any case we’re just a bunch of fintech enthusiasts here with zero input to what banks end up doing – might be better providing this as feedback to a bank of choice?

1 Like

This does feel very niche and technical and, as such, the topic may not get too much of an airing. There maybe developer forums where the conversation can evolve. Good luck with it, anyway.

1 Like

My guess would be that the application is in some kind of “suspend” state, kept in memory but not active.

I don’t have enough technical knowledge about the systems of banks or app development to really know if that is actually the case, though.

I think that’s what you mean if you are talking about how banking apps quickly “cover” the screen when you go into multitasking.

If you are talking about something else, like HSBC Fast Balance style functionality, then that is not independent of the bank’s servers. That works by authenticating the device and registering it with the bank as a trusted device first of all. Setting up the Fast Balance functionality then uses some kind of token to identify the authenticated device to the bank, and it refreshes the balance by connecting to the bank severs with this authenticated token only (not the usual login procedure) in the background. Essentially, it is not authenticating the user, only the device. This does create a potential privacy risk but it is one the user has willingly opted-in to by setting up the feature.

2 Likes

This is done on device, and the implementation for banks will generally be the same as any other app that wants to hide the content in the app switcher.

Fairly simple to implement, and won’t require any server-side changes, or even require a connection to the server.

More here:

https://developer.apple.com/library/archive/qa/qa1838/_index.html

Other obfuscation features like that offered by N26 are likely to be achieved in a similar way, albeit activated by a toggle, rather than application state. All it’s really changing is how the app renders and styles it’s content.

You could have a flag for this that will save the state server-side so it persists across sessions, but the actual heavy lifting will be done on device, locally in your app or browser.

2 Likes

So here’s the daft question from someone who’s never previously come across the terminology - what’s the point ?

The app switcher seems an obvious one for me, nobody can glance at what your balances are over your shoulders when switching apps or if they have your phone and swiping through the app switcher (I’d never allow that)

The obscuring details when the app is open is one I don’t understand. I’ve seen it marketed as “you can show off all the amazing features without revealing your finances” but I don’t know anyone who would get excited over an app and want to see. Plus it can very easily be untoggled too.

3 Likes

Obscuring the app switcher I think is just good practice.

Some sort of scramble mode is very handy for fixing bugs. I’ve reported a few things to Emma and I just toggle scramble mode and then can do screenshots without worrying about personal data or obscuring details.

3 Likes

Ok. How does it work in practice, ie, what does the user see?

Fake data - all amounts, balances, transaction names etc just turn into nonsense gobbledygook, but the look and all the bits of the app still work

2 Likes

That’s basically how I had always guessed multitasking worked, although I hadn’t read the documentation.

Mobile OSes like iOS obviously use very aggressive memory management techniques (not least because a lot of iPhones have very little RAM) so the way multitasking presents effectively a screenshot in the app switcher while being able to unload the app entirely if low on RAM makes sense. This is just taking that idea and changing what gets presented in the switcher, so it is like a pre-defined screenshot with no personal details.

As you say, it’s not that technically complicated at all so it definitely makes sense for banks to implement it.

1 Like

The Coinbase app is a great example of how to do this. Open the app, long press on your Portfolio balance amount and:

All values that are specific to your account are hidden. It still shows the value of crypto ‘coins’ and their increase/decrease, but hides everything personal. A good implementation.

3 Likes

That is quite slick, but I still think these features are more gimmick than genuinely useful.

Especially with Face ID being so quick and easy (as long as you are not wearing a mask) authentication is simple and there is usually no need to hide the data.

It’s not completely useless, just a fairly niche feature.

3 Likes

Or wearing a watch whilst donning a mask! Functionality I was hoping they’d expand system-wide. If it’s good enough to bypass your password system-wide on the Mac, it’s good enough to get the same functionality on iOS.

1 Like

Agreed, I was really intrigued when iOS 14.5 beta 1 came out and the feature sounded great. Then I realised it was actually quite limited.

It’s a shame.