Every OTP generation results in true dialer number search #66
Comments
|
Comment by coolsvap on 1 Jul 2015 15:32 UTC |
|
Wow, If I understand correctly, you have a service running on your device that will leak the contents of your clipboard to a 3rd party if it looks like a telephone number? (and this is not an uncommon service for a user to have installed). This sounds like a very compelling reason not to copy OTP codes into the clipboard by default (there is currently no method to avoid this happening with freeOTP as far as I can tell). I would suggest being able to copy the code from the context menu for that entry (unlikely to happen by accident), or by tapping again on a entry once the OTP is displayed. The user should also be cautioned that the clipboard may not be secure/safe as I don't think its reasonable to expect them to expect this kind of risk, ie true dialler. (I certainly falsely assumed no honest application would be interested in my clipboard, much less transferring its contents to a 3rd party) I very rarely use the OTP code on the device that freeOTP is running on, and I suspect this use is not uncommon. The pull request I just referenced this issue from would only be a band aid, but if its ready at least it can be deployed quickly |
npmccallum
added a commit
to npmccallum/freeotp-android
that referenced
this issue
Jul 6, 2018
This commit contains a long-awaited rewrite to address many long-standing issues. This patch contains: 1. a totally new UI focused on Material Design compliance 2. all tokens are stored in the Android KeyStore 3. support for sending codes over Bluetooth LE to computers via Jelling 4. extensive unit testing 5. expanded branding options (cf. image= and color=) 6. default branding for major issuers (needs docs) 7. sane behavior surrounding the addition of multiple tokens 8. warnings on weak cryptographic parameters 9. token locking (authentication required to get token code) All this goodness comes with some costs: 1. Android API 23+ is required. This is necessary for KeyStore access. 2. Manual token adding is removed. Use a QR code or click a otpauth:// link. 3. Use of the KeyStore makes token secrets impossible to extract. 4. Tokens are now immutable. Existing changes will be discarded during upgrade. Closes: freeotp#190 Closes: freeotp#96 Closes: freeotp#78 Closes: freeotp#77 Closes: freeotp#68 Closes: freeotp#55 Closes: freeotp#48 Closes: freeotp#45 Closes: freeotp#43 Closes: freeotp#16 Fixes: freeotp#187 Fixes: freeotp#185 Fixes: freeotp#176 Fixes: freeotp#175 Fixes: freeotp#172 Fixes: freeotp#170 Fixes: freeotp#167 Fixes: freeotp#161 Fixes: freeotp#144 Fixes: freeotp#142 Fixes: freeotp#136 Fixes: freeotp#123 Fixes: freeotp#122 Fixes: freeotp#110 Fixes: freeotp#90 Fixes: freeotp#89 Fixes: freeotp#84 Fixes: freeotp#74 Fixes: freeotp#69 Fixes: freeotp#67 Fixes: freeotp#66 Fixes: freeotp#65 Fixes: freeotp#63 Fixes: freeotp#62 Fixes: freeotp#61 Fixes: freeotp#58 Fixes: freeotp#54 Fixes: freeotp#53 Fixes: freeotp#49 Fixes: freeotp#40 Fixes: freeotp#21 Fixes: freeotp#14 Fixes: freeotp#8 Fixes: freeotp#7 Fixes: freeotp#6
npmccallum
added a commit
to npmccallum/freeotp-android
that referenced
this issue
Jul 6, 2018
This commit contains a long-awaited rewrite to address many long-standing issues. This patch contains: 1. a totally new UI focused on Material Design compliance 2. all tokens are stored in the Android KeyStore 3. support for sending codes over Bluetooth LE to computers via Jelling 4. extensive unit testing 5. expanded branding options (cf. image= and color=) 6. default branding for major issuers (needs docs) 7. sane behavior surrounding the addition of multiple tokens 8. warnings on weak cryptographic parameters 9. token locking (authentication required to get token code) All this goodness comes with some costs: 1. Android API 23+ is required. This is necessary for KeyStore access. 2. Manual token adding is gone. Use a QR code or click a otpauth:// link. 3. Use of the KeyStore makes token secrets impossible to extract. 4. Tokens are immutable. Existing changes will be discarded during upgrade. Closes: freeotp#190 Closes: freeotp#96 Closes: freeotp#78 Closes: freeotp#77 Closes: freeotp#68 Closes: freeotp#55 Closes: freeotp#48 Closes: freeotp#45 Closes: freeotp#43 Closes: freeotp#16 Fixes: freeotp#187 Fixes: freeotp#185 Fixes: freeotp#176 Fixes: freeotp#175 Fixes: freeotp#172 Fixes: freeotp#170 Fixes: freeotp#167 Fixes: freeotp#161 Fixes: freeotp#144 Fixes: freeotp#142 Fixes: freeotp#136 Fixes: freeotp#123 Fixes: freeotp#122 Fixes: freeotp#110 Fixes: freeotp#90 Fixes: freeotp#89 Fixes: freeotp#84 Fixes: freeotp#74 Fixes: freeotp#69 Fixes: freeotp#67 Fixes: freeotp#66 Fixes: freeotp#65 Fixes: freeotp#63 Fixes: freeotp#62 Fixes: freeotp#61 Fixes: freeotp#58 Fixes: freeotp#54 Fixes: freeotp#53 Fixes: freeotp#49 Fixes: freeotp#40 Fixes: freeotp#21 Fixes: freeotp#14 Fixes: freeotp#8 Fixes: freeotp#7 Fixes: freeotp#6
npmccallum
added a commit
to npmccallum/freeotp-android
that referenced
this issue
Jul 6, 2018
This commit contains a long-awaited rewrite to address many long-standing issues. This patch contains: 1. a totally new UI focused on Material Design compliance 2. all tokens are stored in the Android KeyStore 3. support for sending codes over Bluetooth LE to computers via Jelling 4. extensive unit testing 5. expanded branding options (cf. image= and color=) 6. default branding for major issuers (needs docs) 7. sane behavior surrounding the addition of multiple tokens 8. warnings on weak cryptographic parameters 9. token locking (authentication required to get token code) All this goodness comes with some costs: 1. Android API 23+ is required. This is necessary for KeyStore access. 2. Manual token adding is gone. Use QR code or otpauth:// link. 3. Use of the KeyStore makes token secrets impossible to extract. 4. Tokens are immutable. Existing changes will be discarded on upgrade. Closes: freeotp#190 Closes: freeotp#96 Closes: freeotp#78 Closes: freeotp#77 Closes: freeotp#68 Closes: freeotp#55 Closes: freeotp#48 Closes: freeotp#45 Closes: freeotp#43 Closes: freeotp#16 Fixes: freeotp#187 Fixes: freeotp#185 Fixes: freeotp#176 Fixes: freeotp#175 Fixes: freeotp#172 Fixes: freeotp#170 Fixes: freeotp#167 Fixes: freeotp#161 Fixes: freeotp#144 Fixes: freeotp#142 Fixes: freeotp#136 Fixes: freeotp#123 Fixes: freeotp#122 Fixes: freeotp#110 Fixes: freeotp#90 Fixes: freeotp#89 Fixes: freeotp#84 Fixes: freeotp#74 Fixes: freeotp#69 Fixes: freeotp#67 Fixes: freeotp#66 Fixes: freeotp#65 Fixes: freeotp#63 Fixes: freeotp#62 Fixes: freeotp#61 Fixes: freeotp#58 Fixes: freeotp#54 Fixes: freeotp#53 Fixes: freeotp#49 Fixes: freeotp#40 Fixes: freeotp#21 Fixes: freeotp#14 Fixes: freeotp#8 Fixes: freeotp#7 Fixes: freeotp#6
npmccallum
added a commit
to npmccallum/freeotp-android
that referenced
this issue
Jul 6, 2018
This commit contains a long-awaited rewrite to address many long-standing issues. This patch contains: 1. a totally new UI focused on Material Design compliance 2. all tokens are stored in the Android KeyStore 3. support for sending codes over Bluetooth LE to computers via Jelling 4. extensive unit testing 5. expanded branding options (cf. image= and color=) 6. default branding for major issuers (needs docs) 7. sane behavior surrounding the addition of multiple tokens 8. warnings on weak cryptographic parameters 9. token locking (authentication required to get token code) All this goodness comes with some costs: 1. Android API 23+ is required. This is necessary for KeyStore access. 2. Manual token adding is gone. Use QR code or otpauth:// link. 3. Use of the KeyStore makes token secrets impossible to extract. 4. Tokens are immutable. Existing changes will be discarded on upgrade. Closes: freeotp#190 Closes: freeotp#96 Closes: freeotp#78 Closes: freeotp#77 Closes: freeotp#68 Closes: freeotp#55 Closes: freeotp#48 Closes: freeotp#45 Closes: freeotp#43 Closes: freeotp#16 Fixes: freeotp#187 Fixes: freeotp#185 Fixes: freeotp#176 Fixes: freeotp#175 Fixes: freeotp#172 Fixes: freeotp#170 Fixes: freeotp#167 Fixes: freeotp#161 Fixes: freeotp#144 Fixes: freeotp#142 Fixes: freeotp#136 Fixes: freeotp#123 Fixes: freeotp#122 Fixes: freeotp#110 Fixes: freeotp#90 Fixes: freeotp#89 Fixes: freeotp#84 Fixes: freeotp#74 Fixes: freeotp#69 Fixes: freeotp#67 Fixes: freeotp#66 Fixes: freeotp#65 Fixes: freeotp#63 Fixes: freeotp#62 Fixes: freeotp#61 Fixes: freeotp#58 Fixes: freeotp#54 Fixes: freeotp#53 Fixes: freeotp#49 Fixes: freeotp#40 Fixes: freeotp#21 Fixes: freeotp#14 Fixes: freeotp#8 Fixes: freeotp#7 Fixes: freeotp#6
justin-stephenson
pushed a commit
to justin-stephenson/freeotp-android
that referenced
this issue
Jan 22, 2021
This commit contains a long-awaited rewrite to address many long-standing issues. This patch contains: 1. a totally new UI focused on Material Design compliance 2. all tokens are stored in the Android KeyStore 3. support for sending codes over Bluetooth LE to computers via Jelling 4. extensive unit testing 5. expanded branding options (cf. image= and color=) 6. default branding for major issuers (needs docs) 7. sane behavior surrounding the addition of multiple tokens 8. warnings on weak cryptographic parameters 9. token locking (authentication required to get token code) All this goodness comes with some costs: 1. Android API 23+ is required. This is necessary for KeyStore access. 2. Manual token adding is gone. Use QR code or otpauth:// link. 3. Use of the KeyStore makes token secrets impossible to extract. 4. Tokens are immutable. Existing changes will be discarded on upgrade. Closes: freeotp#190 Closes: freeotp#96 Closes: freeotp#78 Closes: freeotp#77 Closes: freeotp#68 Closes: freeotp#55 Closes: freeotp#48 Closes: freeotp#45 Closes: freeotp#43 Closes: freeotp#16 Fixes: freeotp#187 Fixes: freeotp#185 Fixes: freeotp#176 Fixes: freeotp#175 Fixes: freeotp#172 Fixes: freeotp#170 Fixes: freeotp#167 Fixes: freeotp#161 Fixes: freeotp#144 Fixes: freeotp#142 Fixes: freeotp#136 Fixes: freeotp#123 Fixes: freeotp#122 Fixes: freeotp#110 Fixes: freeotp#90 Fixes: freeotp#89 Fixes: freeotp#84 Fixes: freeotp#74 Fixes: freeotp#69 Fixes: freeotp#67 Fixes: freeotp#66 Fixes: freeotp#65 Fixes: freeotp#63 Fixes: freeotp#62 Fixes: freeotp#61 Fixes: freeotp#58 Fixes: freeotp#54 Fixes: freeotp#53 Fixes: freeotp#49 Fixes: freeotp#40 Fixes: freeotp#21 Fixes: freeotp#14 Fixes: freeotp#8 Fixes: freeotp#7 Fixes: freeotp#6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reported by coolsvap on 1 Jul 2015 08:18 UTC
Everytime I generate an otp the true dialer number search is invoked by default.
The text was updated successfully, but these errors were encountered: