Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User is able to take a screenshot & be able to save the user's account key when the user taps on ‘Account key’ from Hamburger Menu. #5707

Closed
Lss-Ankit opened this issue Nov 4, 2020 · 4 comments · Fixed by #6288
Closed

User is able to take a screenshot & be able to save the user's account key when the user taps on ‘Account key’ from Hamburger Menu. #5707

Lss-Ankit opened this issue Nov 4, 2020 · 4 comments · Fixed by #6288
Labels
Android Android specific issues bug Something isn't working Component: Account Recovery Priority: P2 Major qa wallet

Comments

@Lss-Ankit
Copy link

Frequency: 100%
Repro on build version: Android internal build v1.3.0(1004294316)
Repro on devices: Samsung Galaxy Note 5(7.0)
Testing Account: (680)9898865 / Back up Key: https://docs.google.com/spreadsheets/d/1Iy41GGA6e2pES2XHjBn7nb8X3n8zZsu7EW1jvwD2e70/edit#gid=0

Pre-condition: Users should have set an Account key after login with a new account.
Repro Steps:

  1. Launch the application & login with New/Existing account.
  2. Go to the Account key section & set account key.
  3. Again tap on the Account key section from Hamburger Menu.
  4. Now the user should be on the ‘Your Account Key’ page with the generated account key.
  5. Try to take screenshots using respective mobile devices.
  6. Observed that,
    Current Behaviour: Any other user is able to take a screenshot and be able to save it.
    Expected Behaviour: Other users should not be able to take screenshots.
    Investigation: For IOS, it is expected and confirmed with jean as for iOS it is not possible.
    Impact: Other User can sign in and funds can be stolen by any random user.
    Attachment: UserShouldNotAbleToTakeScreenshot.mp4
@Lss-Ankit Lss-Ankit added Android Android specific issues bug Something isn't working Priority: P1 Critical qa wallet labels Nov 4, 2020
@nityas nityas added tmp and removed tmp labels Nov 11, 2020
@Lss-Ankit
Copy link
Author

Hi @nityas I have verfified this issue using latest Android internal build v1.5.5(1004294323) & Test Flight build v1.5.5.(34) & found that issue is still reproduced.
Repro on devices: Samsung Galaxy Note 5(7.0)

@nityas nityas added Priority: P2 Major and removed Priority: P1 Critical labels Nov 18, 2020
@nityas
Copy link
Contributor

nityas commented Nov 18, 2020

downgrading to P2-- just because we've noticed that this is not the case on initial saving of key(so this would be an additional copy) and we are looking to build a v2 of this feature

@Lss-Ankit
Copy link
Author

Lss-Ankit commented Nov 19, 2020
edited
Loading

Hi @nityas I have verified this issue using latest Android internal build v1.5.5(1004294323) & Test Flight build v1.5.5.(34) & found below observations.
Repro on devices: Samsung Galaxy Note 5(7.0), iPhone SE (13.5.1)
Observation:

For Android:

  • User is not able to take screenshot while setting up Account key but able to take screenshot after setup is done.

@Lss-Ankit
Copy link
Author

Lss-Ankit commented Dec 1, 2020
edited
Loading

Hi, @nityas I have verified this issue using latest Android Internal build v1.6.0(1004294326) & observed that issue is still reproduced.
Repro on devices: Samsung Galaxy A5(7.0)
Observation:

For Android:
User is not able to take screenshot while setting up Account key but able to take screenshot after setup is done.

@gnardini gnardini mentioned this issue Dec 18, 2020
Merged
@mergify mergify bot closed this as completed in #6288 Dec 19, 2020
mergify bot pushed a commit that referenced this issue Dec 19, 2020
@gnardini
[Wallet] Always prevent taking screenshots to Account Key on Android (#…
9f952d5 
…6288)

### Description

On Android, we prevent users from taking screenshots of the Account Key. This was not working for the Account Key screen after doing the backup. It should be now.

### Other changes

Did some minor UI changes to better follow the [design in Figma](https://www.figma.com/file/zt7aTQ5wuXycIwxq5oAmF9/Wallet-Refresh?node-id=2995%3A34550)

<img width="346" alt="Screen Shot 2020-12-17 at 23 28 21" src="https://user-images.githubusercontent.com/6062888/102567210-cbf9a980-40bf-11eb-8014-b62450966d3a.png">


### Tested

Manually

### Related issues

- Fixes #5707

### Backwards compatibility

Yes
@snyk-bot snyk-bot mentioned this issue Nov 24, 2022
Open
@lili2311 lili2311 mentioned this issue Aug 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Android Android specific issues bug Something isn't working Component: Account Recovery Priority: P2 Major qa wallet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Wallet] Always prevent taking screenshots to Account Key on Android celo-org/celo-monorepo
2 participants
@nityas @Lss-Ankit