Turn off passcode/biometric access to app


#1

Privacy is great, but it’d be really useful to allow users to choose to turn off the need to enter a passcode (or use biometrics) to access the app. :lock: :freetrade:


#2

Agree but running out of votes :wink: and unsure what happens when there’s no votes left :upside_down_face:


(Jeff puckering) #3

Not sure I would want any app that can spend my money to not have some secure access


(Emma) #4

You’d still need pin or biometric to trade, just not to open the app


(Jeff puckering) #5

Fair point, but I am probably a bit more protective of my investment decisions and performance as particularly sensitive information, same as my bank account balance (or lack of it!)


#6

Would you object if it were on by default, but people like me could turn it off?

(For the record, I agree with @Rat_au_van, but privacy around finances tends to be emotional, so I’m not out to try to change anyone’s mind).


(Vladislav Kozub) #7

Spent my last vote on this :frowning:

@saf, once ideas get implemented, the respective feedback topics will be marked as ‘resolved’, closed and all votes will be returned.

Alternatively, you can unvote those ideas which you deem less vital and reprioritise your choices that way :slight_smile:


#8

Modern iPhones have fingerprint and facial recognition. It works with banking apps, etc. It really makes things like this easier if you’re sick of putting passwords in all the time.


#9

Oh I understand that.

But, for me, I’d rather not have an extra step. I’d want to authenticate before something can happen to my money, but not on just opening the app. That includes fingerprint or face recognition.

This is essentially a privacy issue, rather than a security one, in my view. I’m not saying that you shouldn’t have this option - or even that it shouldn’t be the default - but I’d like to have the choice to remove it for the way I use my phone / secure my data.


(Eve) #10

I’d like the option to have the passcode removed. I have Touch ID/ passcode on my phone anyway, and don’t leave my phone lying around so privacy isn’t a problem for me.


(Jeff puckering) #11

No objections for choice per se. I still think privacy is a big enough issue though and I’m not sure giving people the choice to turn off some basic privacy controls is the way forward. Thinking from a Freetrade perspective I could see scenarios where data about people’s investments and habits could be very lucrative information à la Cambridge Analytica. If this was easily accessible and became publicised it’s just bad media that isn’t needed.

Now I am all for making it as pain free as possible though, no passcodes just fingerprint/face recognition.

I was having a discussion with a colleague at work on Friday about younger people’s attitude to privacy and how I didn’t care about all my personal photos being on Google photo app, even some docs kept on there etc. So to be honest I probably don’t care too much personally about choice as everyone has different places they draw the line when it comes to privacy but got to think about it from risk management of the company involved, just too much risk nowadays.


#12

I know what you mean, people are more open to sharing without considering who might be watching or listening.

But I think it doesn’t apply here because your phone has a PIN/Touch ID etc, so adding another layer is basically locking out people who have access to that, and in my view if you have access to that, then your trust level is very high. So perhaps it doesn’t matter?


(Jeff puckering) #13

If you don’t have fingerprint / face recognition then obviously a PIN default is the option. But my overall logic is that I apply the same security rules on my phone as I would do to physical security. You can’t avoid all risks as there is often a way unauthorised people still get into an office even with security and badges. Which is why extra sensitive information goes into locked drawers or rooms. The passcode on certain apps is my locked drawer. And sometimes (when a company reputation is at stake) I am forced to use that locked drawer. Ultimately for me this is a risk/impact question for the Freetrade team rather than an individual preference for the users. I’m not equipped to fully understand the risk (which is maybe why I am erring on the side of caution for this one).


#14

Some interesting thoughts!

I’m not sure that enforcing things is the right answer. Where do we stop? Make people use complex passwords? That’s been proven not to work. And, with respect, why should your risk appetite override mine?

I think this is to misunderstand the Cambridge Analytica issue. If my Freetrade data were either sold or were able to be misused by some form of developer API, then I’d be very worried. What we’re talking about here is a passcode / biometrics to look at the app - that’s not how Cambridge Analytica got their data! I can’t see how my choice to have the Freetrade app open without authentication would lead to a Cambridge Analytica scenario.

I’m not sure how this relates to app-based security. Yes, people have different views on use of cloud services. But cloud per se isn’t unsafe. And Freetrade uses similar tech in the backend. I’m just not sure of the point you’re trying to make here, particularly around age. :thinking:


#15

@Jeff thanks, you got me thinking, if you have my unlocked phone, can you gain access to the app without the access code. It’s a bit elaborate but seems maybe you can.

I’ll send over a report to Freetrade.


(Alex Sherwood) #16

This discussion’s becoming a little bit circular (as conversations about security & privacy often do) so I’ll just sum up the key points.

The Freetrade app itself is kept secure in two ways:

  • Your phone’s lock screen prevents anyone from accessing the app at all
  • Whenever you try to make a ‘transaction’ within the app, e.g. withdraw money or sell an investment, you’re required to enter your PIN or use Touch ID / Face ID for authentication

So protection of the app itself isn’t required for security because people are prevented from accessing the app when it’s locked or if you did give the phone to someone else while it’s unlocked, they can’t do anything that would cause you to lose money, without additional authentication.

When it comes to privacy, the phone’s lock screen also protects your privacy because it prevents anyone from accessing the information in the app, while the phone is locked.

So requiring everyone to apply PIN / biometric protection for the app itself, is arguably overkill because not all users will give their phone to others while it’s unlocked or be concerned about that person viewing the information in the Freetrade app if they do.

Therefore you could argue that the PIN / biometric protection of access to the app should be optional.


(Denislav) #17

If someone gained access to your app then for me it’s not about if they can buy or sell because you need your PIN to do that but the private information that they will have access to. For example, the money in the account, bank information, the type of shares owned, names and so on.

I do not mind having the option to switch it off but I believe it’s better to have it on. It does not take that long to enter your PIN.


(Jeff puckering) #18

Apologies this was a bit of a stop start post in between being wrestled by my 1 yr old :joy:

As I mention on the end of my post it could be due to a misunderstanding of some of the tech involved and I follow everyone’s logic. And the Cambridge Analytica example clearly doesn’t work. I guess it makes me wonder about some of the apps on my phone that require passcodes/ print and what their reasons are.

The last point about attitudes though (which again I may not have described well :weary:) I think should be taken into account which is people’s feelings towards privacy.

So after all this I think my stance is, choice is good but I stand by a ‘default should be passcode required’ as, even if it’s redundant, right now my gut is telling me the general public (myself included) would feel better about using an app with a lock on the front door :wink:.

FYI I am a millennial brand new to trading, and although am usually pretty lax about my data on the web, trading is new to me and directly involves moving money around so making my activity feel secure would be a good way to reassure me as a new user.

Apologies if it took me a while to figure out what my point was!

[edit] also I acknowledge the requirement for passcode at point of trade is the main thing but for me I think comforting a new user (who might not make a trade for a while) from the off by reassuring them with a security feature could help.