Quote:
Originally Posted by Ron99
That's great. I hope it is fixed and can be turned back on soon.
Keith, how exactly did the Android bug affect the iPhone users too? Did it somehow give access to the server side so people could access anyone's passwords?
Not trying to slam Android here, just wondering how this bug worked?
|
I don't know the whole story Ron but I think you can follow the links and get the full story if your interested. I'm speculating that the first version of TapaTalk for Android the developer missed some encryption options so queries to the servers were returned un-encrypted and thus readable if someone was snooping. I'm further speculating that the user doing the queries would have to be a server admin anyway so this exploit probably did not go far.
It was good to see the bug finder, an Android developer btw, contact Tapatalk right away and work to close this vulnerability.