Issue metadata
Sign in to add a comment
|
Security: Loose Google Play Store Information
Reported by
tzuiderv...@4hcs.org,
Oct 23 2017
|
||||||||||||||||||||
Issue descriptionDuring the event of verifying yourself when you are managing a device (click settings gear then find my device) you are then able to select "show all devices". In the event you should click this all android or google devices appear, a problem here is that there is the possibility that someone may use the locate device to track someone or the wipe device feature to remove all applications, personal data, and un-synced data! Now you may be thinking that someone can't easily get in, but all these people need is a your email from any security leak, screenshot, risky website, and un-secure network connections to use the email and get into the email using an inspect element trick to get the password and completely ruin your device and/or day.
,
Oct 23 2017
Yes, if you allow a bad guy to have your device and extract your passwords from it, you have made a mistake. This is not a vulnerability. https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#What-about-unmasking-of-passwords-with-the-developer-tools
,
Jan 30 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by kenrb@chromium.org
, Oct 23 2017