[Touch-packages] [Bug 1417261] [NEW] On app removal, account access permissions persist

Mon, 02 Feb 2015 12:41:23 -0800 

Public bug reported:

How to reproduce:

1) Install an app which uses online accounts.
2) Uninstall it.
3) Reinstall the application OR ANOTHER APP WITH THE SAME NAMESPACE and it will 
still be able to access the online account.

I could see this being used for phishing when the user is asked to manually 
install a click package with the same namespace as another app, which would 
then allow bad entities to have access to the online accounts of the original 
app.
It could either be presented as a completely seperate app when the user has 
removed the original one or as an "official version" by the people doing the 
phishing.

Therefore, I vote for removing account information from apps when they
are uninstalled.

** Affects: ubuntu-system-settings-online-accounts (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-system-settings-
online-accounts in Ubuntu.
https://bugs.launchpad.net/bugs/1417261

Title:
  On app removal, account access permissions persist

Status in ubuntu-system-settings-online-accounts package in Ubuntu:
  New

Bug description:
  How to reproduce:

  1) Install an app which uses online accounts.
  2) Uninstall it.
  3) Reinstall the application OR ANOTHER APP WITH THE SAME NAMESPACE and it 
will still be able to access the online account.

  I could see this being used for phishing when the user is asked to manually 
install a click package with the same namespace as another app, which would 
then allow bad entities to have access to the online accounts of the original 
app.
  It could either be presented as a completely seperate app when the user has 
removed the original one or as an "official version" by the people doing the 
phishing.

  Therefore, I vote for removing account information from apps when they
  are uninstalled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-system-settings-online-accounts/+bug/1417261/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to