User profile information leaked to (essentially) every other app on Android #9
Labels
enhancement
New feature or request
Comments
|
The issue you're talking about is existing and important, that's what we're going to do next to keep the privacy Device-to-Device,after ensuring the security of transmission |
|
Any news? |
|
Is there an update on this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Tok app creates a directory on shared storage and adds subdirectories named after user profiles. That in itself tells every app with "storage" permission (which is practically every damned app on Android these days) that Tok is installed, and gives away all the user's profile names. It looks like it puts stuff like avatars (probably the user's picture!) in there too.
An app like this should never, ever, put anything outside of its own private storage without explicit, knowing direction from the user. Nor, for that matter, should it ask for storage permission at all until the user actually tells it to use shared storage for something specific. Android shared storage is a dumpster fire.
The text was updated successfully, but these errors were encountered: