touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #52147
[Bug 1417261] Re: On app removal, account access permissions persist
** Changed in: ubuntu-system-settings-online-accounts (Ubuntu)
Status: New => Confirmed
** Also affects: ubuntu-system-settings-online-accounts
Importance: Undecided
Status: New
** Changed in: ubuntu-system-settings-online-accounts
Status: New => Confirmed
** Changed in: ubuntu-system-settings-online-accounts
Importance: Undecided => High
** Changed in: ubuntu-system-settings-online-accounts
Assignee: (unassigned) => Alberto Mardegan (mardy)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-system-settings-
online-accounts in Ubuntu.
https://bugs.launchpad.net/bugs/1417261
Title:
On app removal, account access permissions persist
Status in Online Accounts setup for Ubuntu Touch:
Confirmed
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
Confirmed
Bug description:
How to reproduce:
1) Install an app which uses online accounts.
2) Uninstall it.
3) Reinstall the application OR ANOTHER APP WITH THE SAME NAMESPACE and it will still be able to access the online account.
I could see this being used for phishing when the user is asked to manually install a click package with the same namespace as another app, which would then allow bad entities to have access to the online accounts of the original app.
It could either be presented as a completely seperate app when the user has removed the original one or as an "official version" by the people doing the phishing.
Therefore, I vote for removing account information from apps when they
are uninstalled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-system-settings-online-accounts/+bug/1417261/+subscriptions
References