Ask / Submit
29

[bug] Notification banner visible in locked phone [1.1.9.28]

asked 2015-09-12 11:52:22 +0300

Ghost gravatar image

updated 2015-09-23 15:50:22 +0300

jiit gravatar image

Even when the screen is locked with a pincode the SMS pop up shows the whole message in its usual marquee form..

Edit: More detailed description of the issue by @MMx: I am running 1.1.9.28 on the Jolla phone. The phone was locked, and I received a SMS containing a mTAN, and the first line of this SMS was readable in the notification banner which showed up although the phone was locked. If the actual mTAN would have been in the first line, any attacker to my account having my (locked) phone would have been able to make transactions.

Expected result: No notification banner as long as phone is locked, or just minimal "1 new message" or something like that. It should neither contain the sender nor any part of the content.

This should be fixed for final 2.0.

edit retag flag offensive close delete

Comments

There seems to be a much more detailed report here https://together.jolla.com/question/111061/bug-security-notification-banner-visible-in-locked-phone-11928/

tbr ( 2015-09-22 22:48:33 +0300 )edit
1

@tbr, that's a dupe. This one should be updated, not created a new thread about the same issue.

raketti ( 2015-09-23 10:21:56 +0300 )edit

@raketti They are dupes of each other. It doesn't matter which one was first, except for ego stroking. The other one has a much better problem description and more votes. I'll be closing this one as it would be more work essentially copy the other question here...

tbr ( 2015-09-23 10:39:58 +0300 )edit
2

@tbr, so let's all start not searching and not updating old posts, sounds like plan that, umm.. sucks? How hard is it to copy pasta text? Not my topics, I've been under the assumption that the old topics should be updated as more/new information comes forward and new duplicates closed to reduce the amount of similar questions, but... Seems I've been mistaken.

raketti ( 2015-09-23 10:50:47 +0300 )edit
2

Creating dupes should be avoided to the best of ones abilities. I'd expect this to be well understood by everyone and this is not the point of this discussion. Deliberate transgression will not be tolerated. However things are not perfect and duplicates will inevitably happen, we're all humans. In this case apparently due to the first report being very short and hard to find. In such a case it is perfectly reasonable to give the better report precedence, especially if it has already garnered more votes in a very short time frame. Those are case by case decisions and it might have very well be the other way around if some things would have been different.

tbr ( 2015-09-23 11:30:12 +0300 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2016-01-02 18:03:46 +0300

AliNâ gravatar image

This patch will fix this privacy issue. Currently, it hides the message text, but I will add more options, e.g. for hiding sender name too, if I get positive feedbacks.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
2 followers

Stats

Asked: 2015-09-12 11:52:22 +0300

Seen: 504 times

Last updated: Jan 02 '16