With regards the customer code in the app that can be used to identify a customer during a support call, I think this is a great idea. That said, anyone with access to the app can retrieve this code and potentially pose as the account holder. This suggests that either there is additional security to go through on the call, or Starling consider the app login to be secure enough.
If it’s the latter, why do we have to enter passwords to change payment details, download statements, etc.? If further security is required, I would much rather have to submit my fingerprint again, or even enter the app passcode. The password is a bit of a pain!