Investment-tracking apps (Personal Capital, Wealthfront, Empower, Yodlee-based apps) aggregate accounts across brokerages, banks, and retirement plans. The interview is multidisciplinary: financial-data aggregation, performance calculation, tax-aware reporting, and the security implications of holding read-only access to a user’s entire financial life.
Functional requirements
- Connect bank, brokerage, retirement, and credit card accounts
- Show net worth over time
- Calculate portfolio performance (TWR, MWR)
- Asset allocation visualization
- Tax-loss harvesting suggestions
- Goal tracking (retirement, down payment)
Account aggregation
Connecting external accounts:
- Plaid (and similar): OAuth to thousands of US financial institutions
- Yodlee: older but broad coverage
- MX: alternative aggregator
- Direct OAuth: for fintech-native institutions (Robinhood, Coinbase)
Read-only access is the norm. Modifying accounts requires direct integration with each institution.
Data refresh
Most aggregators sync nightly. Real-time updates are rare for traditional accounts. Cache last-known balance with timestamp.
Performance calculation
Two ways to calculate portfolio performance:
- Time-weighted return (TWR): measures portfolio performance independent of cash flows. The standard for benchmarking.
- Money-weighted return (MWR / IRR): measures actual return to the investor. Includes timing of contributions.
Both have edge cases (deposits, withdrawals, dividends). Get the math right; users will notice errors.
Asset allocation
Map holdings to asset classes:
- US Equity (large/mid/small cap)
- International Equity (developed/emerging)
- Bonds (gov / corporate / high-yield)
- Real estate
- Cash
- Alternative
Use lookup tables for ETFs and mutual funds (Morningstar, Bloomberg). For individual stocks, use sector classifications.
Tax-aware reporting
Track:
- Cost basis per lot
- Short-term vs long-term holding period
- Realized vs unrealized gains
- Tax-loss harvesting opportunities
This is detail-oriented work. Errors create audit risk for users.
Security
Investment apps hold sensitive data. Practices:
- Multi-factor authentication mandatory
- Read-only access; never write
- Tokens encrypted in HSM-backed storage
- No PII in logs
- SOC 2 Type II audits
Mobile-specific concerns
- Biometric login (Face ID / Touch ID)
- Auto-lock after 5 minutes
- Disable screenshots on sensitive screens
- Push notifications: balance changes, transactions, no specifics
Battery and data
Investment apps are not always-on. Battery impact: minimal. Data: low — fetches happen when the app opens, not continuously.
Frequently Asked Questions
Why does my balance lag the brokerage by a day?
Aggregators sync nightly. Real-time balance requires direct integration, which most aggregators do not offer for retail users.
How does cost-basis tracking work for transferred shares?
Cost basis transfers with the shares. Aggregator provides the data when available; for older transfers, may be missing — user enters manually.
What about crypto?
Coinbase, Kraken, and major exchanges integrate via OAuth. DeFi wallets require manual import or wallet-watch addresses.