touch-packages team mailing list archive

[Alberto Mardegan <1417261@xxxxxxxxxxxxxxxxxx>]

** Changed in: ubuntu-system-settings-online-accounts (Ubuntu)
       Status: New => Confirmed

** Also affects: ubuntu-system-settings-online-accounts
   Importance: Undecided
       Status: New

** Changed in: ubuntu-system-settings-online-accounts
       Status: New => Confirmed

** Changed in: ubuntu-system-settings-online-accounts
   Importance: Undecided => High

** Changed in: ubuntu-system-settings-online-accounts
     Assignee: (unassigned) => Alberto Mardegan (mardy)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-system-settings-
online-accounts in Ubuntu.
https://bugs.launchpad.net/bugs/1417261

Title:
  On app removal, account access permissions persist

Status in Online Accounts setup for Ubuntu Touch:
  Confirmed
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
  Confirmed

Bug description:
  How to reproduce:

  1) Install an app which uses online accounts.
  2) Uninstall it.
  3) Reinstall the application OR ANOTHER APP WITH THE SAME NAMESPACE and it will still be able to access the online account.

  I could see this being used for phishing when the user is asked to manually install a click package with the same namespace as another app, which would then allow bad entities to have access to the online accounts of the original app.
  It could either be presented as a completely seperate app when the user has removed the original one or as an "official version" by the people doing the phishing.

  Therefore, I vote for removing account information from apps when they
  are uninstalled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-system-settings-online-accounts/+bug/1417261/+subscriptions