two-trick-pony-NL / MeesMonkey-Unofficial-Meesman-App

Unofficial app based on Meesman Indexbeleggen
MIT License
1 stars 0 forks source link
expo investment investment-portfolio meesman react-native

monkey

MeesMonkey App

A unofficial wrapper around Meesman Indexbeleggen

Because Meesman Indexbeleggen does not provide their own app, I decided to build one for myself independently. The app utilizes a custom API endpoint that can scrape account details from mijn.meesman.nl. The whole app is designed using best practices in security so we never store raw credentials, security keys are encrypted and stored on your local device and all data is sent over https. Feel free to check out the code on how the app works. For details on the API, refer to the repository: MeesmanAPI.

Release to app stores:

I intend to use the app for personal use, but if there is enough demand I can release the app through the appstores. Please let me know you are interested in this issue: https://github.com/two-trick-pony-NL/MeesMonkey-Unofficial-Meesman-App/issues/2

Features:

App Technology

Known issues

Affiliation Disclosure

It is important to note that I have no affiliation with Meesman Indexbeleggen. This app is an independent project developed to enhance the user experience for Meesman investors. While efforts have been made to ensure accurate functionality, users are advised to exercise caution and carefully consider the known limitations mentioned above.

By using this app, you acknowledge that it is an unofficial solution and that I am not liable for any inaccuracies, losses, or inconveniences that may arise from its use. Your feedback and suggestions for improvement are welcome, just open an issue.

For developers: How to Run

Installation and Running Instructions

Prerequisites:

Installation:

How MeesMonkey handles your sensitive data

MeesMonkey uses security best practices. We're very aware that your username and password and financial data are sensitive and as a consequence we are very carefull with that data. Also note that we are MeesMonkey users ourself and also want to protect our financial data as good as we can.

Therefor we decided on the following design principles:

  1. We don't store any of your data anywhere --> Any persistant data is stored with you, encrypted, on your device
  2. We don't track any of your data --> There are 0 analytics tools installed (except for Sentry that reports crashes of the app anonymously )
  3. We use best practices in security:
    • The app itself is locked with Biometrics (FaceID on iOS)
    • EAS 128 Encryption using Fernet Tokens
    • All communication over HTTPS
    • Tokens and Credentials are stored in the Headers and not in URL's.
    • We don't store raw passwords anywhere
    • Your credentials are stored as a encrypted token on your local device. - If you want to stop using MeesMonkey all you have to do is delete the app. This will delete the encrypted token from your device.

Authentication in code

If you want to review our security implementation in code then please check out the following code. Feel free to open an issue if there is something you'd like to see improved.

Schematic on authentication

Artboard