*** This bug is a security vulnerability ***

Public security bug reported:

Ubuntu 15.04 r74

1. In Online Accounts, set up a Google account.
2. Install the Calendar app.
3. From the Calendar app's kebab menu, choose "Calendars".

What you see: Your Google account is already listed as a calendar.

What you should see: The Google account is not listed, because you
haven't given permission for the app to know that it exists.

This is a privacy violation: it means that a service can see whether you
have an account with a competing service when that's none of their
business. For example, it means that a Facebook app could tell whether
you have a Twitter account, or vice versa; a Flickr app could tell
whether you have an Instagram account, or vice versa; a Strava app could
tell whether you have a Fitbit account, and so on.

<https://wiki.ubuntu.com/OnlineAccounts#App_access>: "An app should have
no idea whether you have any accounts of a particular type stored in
Online Accounts. It should merely ask for access to an account of a
particular type."

** Affects: ubuntu-system-settings-online-accounts (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1479747

Title:
  An app can see whether you have an account without permission

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs