Actually, I implemented the fix for this in the new JSON "accounts"
hook. We can indeed backport the changes to the old-style hooks, but
since they are going to be deprecated (they'll trigger a click-review
alert since 16.10) I don't see this as a priority.
** Also affects: webapps-sprint
Importance: Undecided
Status: New
** Changed in: webapps-sprint
Assignee: (unassigned) => Alberto Mardegan (mardy)
** Changed in: webapps-sprint
Status: New => Confirmed
** Changed in: webapps-sprint
Importance: Undecided => High
** No longer affects: webapps-sprint
** Changed in: ubuntu-system-settings-online-accounts
Importance: High => Low
** Changed in: ubuntu-system-settings-online-accounts (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-system-settings-
online-accounts in Ubuntu.
https://bugs.launchpad.net/bugs/1417261
Title:
On app removal, account access permissions persist
Status in Online Accounts setup for Ubuntu Touch:
Confirmed
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
Confirmed
Bug description:
How to reproduce:
1) Install an app which uses online accounts.
2) Uninstall it.
3) Reinstall the application OR ANOTHER APP WITH THE SAME NAMESPACE and it
will still be able to access the online account.
I could see this being used for phishing when the user is asked to manually
install a click package with the same namespace as another app, which would
then allow bad entities to have access to the online accounts of the original
app.
It could either be presented as a completely seperate app when the user has
removed the original one or as an "official version" by the people doing the
phishing.
Therefore, I vote for removing account information from apps when they
are uninstalled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-system-settings-online-accounts/+bug/1417261/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
