Automattic / simplenote-ios

Simplenote for iOS
https://simplenote.com
GNU General Public License v2.0

[Widgets] Possible to see any note content with passcode active #1445

Open pachlava opened 3 years ago

pachlava commented 3 years ago

I'm not exactly sure this is a bug. By adding widgets, the user already takes a step back from their notes privacy.

Expected

Again, it's hard to say it's definitely expected. This is something that wasn't an option before.

If the user has a passcode active, previously it meant that notes can't be viewed without knowing the password. Now it's possible with widgets.

Observed

The Note widget allows changing the note selected for display without asking for the passcode (the first seconds of the video just show that the app has a passcode active):

https://user-images.githubusercontent.com/73365754/134319491-82b7fa69-f6d8-45cc-a034-a571e6d75f8d.MP4

Reproduced

  1. Activate passcode in the app
  2. Add a Note widget
  3. Kill the app to make sure passcode will be required from now on
  4. You can change the note selected for display in the Note widget (and see the note), which bypasses the need to enter a passcode to see the note.

| Make | Model | iOS Version | App Version |
|------|-------|-------------|-------------|
| iPhone | XR | 14.7.1 | 4.45.0.0 |

jleandroperez commented 3 years ago

@pachlava (Hey there sir!!). I'm not sure there's anything we should do on this one, since we can't add a passcode to the widget, and the user has to willingly set it up first.

IMHO we should probably close this one, WDYT?

pachlava commented 3 years ago

@jleandroperez Hey! 👋 I agree this is an edge case, and I'm good with having it closed, just wanted to communicate about this case and be sure it's not something critical. Thanks!

jleandroperez commented 3 years ago

Thank you sir!!

adamjohndaly commented 11 months ago

An important point about widgets:

When this was discussed before it was closed on the basis that having the widget is optional and the user is accepting the security bypass. However, despite access to Widgets being switched off in my iOS settings for Simplenote, on my MacBook, in Edit Widgets, all of the Simplenote widgets appear, complete with note text for the most recent note, and the names of the last 8 notes! This is BEFORE choosing to add the widget. That is therefore NOT a user-selected feature and I cannot stop it happening. I am using Sonoma 14.1. What can be done to prevent this?

https://forums.simplenote.com/forums/topic/security-flaw-in-widgets/?view=all#post-1440

jimlearning commented 4 months ago

Can we add a "Not displayed in Widgets" switch to every note's settings? That way, the notes we don't want to show can be filtered out.

Or can we make the widget look like it does before login? If the app has a password set, just show the text "Tap in to see your notes".

The last method is much easier than the first.

I think it's very important. If password-protected notes can be seen, then the password feature will be meaningless.

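An added example, not code from the Simplenote project, sketching the "Tap in to see your notes" approach proposed above as a WidgetKit provider: it returns a redacted entry whenever the app's passcode is on, and it does so for the gallery placeholder and snapshot too, which is where adamjohndaly saw note text before the widget was even added. The app group identifier, the `passcodeEnabled` flag and the `loadLatestNote` closure are assumptions standing in for the app's own data layer.

```swift
import WidgetKit
import SwiftUI

// Assumed app-group defaults shared by the app and the widget extension; the app
// would write "passcodeEnabled" whenever the user turns the passcode on or off.
private let sharedDefaults = UserDefaults(suiteName: "group.example.simplenote")

struct NoteEntry: TimelineEntry {
    let date: Date
    let title: String
    let body: String
    let locked: Bool

    /// Entry shown while the passcode is on: no note title or body leaves the app.
    static func locked(at date: Date = Date()) -> NoteEntry {
        NoteEntry(date: date, title: "Simplenote", body: "Tap in to see your notes", locked: true)
    }
}

struct NoteProvider: TimelineProvider {
    // Hypothetical loader for the most recent note (stands in for the real store).
    var loadLatestNote: () -> (title: String, body: String)? = { nil }

    private var passcodeEnabled: Bool {
        // Fail closed: a missing flag is treated as "passcode on".
        sharedDefaults?.object(forKey: "passcodeEnabled") as? Bool ?? true
    }

    private func makeEntry() -> NoteEntry {
        // Gate before touching note data, so neither the gallery nor the timeline sees content.
        guard !passcodeEnabled, let note = loadLatestNote() else { return NoteEntry.locked() }
        return NoteEntry(date: Date(), title: note.title, body: note.body, locked: false)
    }

    // The widget gallery renders placeholder/snapshot before the widget is added,
    // so these must be gated as well, not only getTimeline.
    func placeholder(in context: Context) -> NoteEntry { NoteEntry.locked() }

    func getSnapshot(in context: Context, completion: @escaping (NoteEntry) -> Void) {
        completion(context.isPreview ? NoteEntry.locked() : makeEntry())
    }

    func getTimeline(in context: Context, completion: @escaping (Timeline<NoteEntry>) -> Void) {
        completion(Timeline(entries: [makeEntry()], policy: .atEnd))
    }
}
```

The app side would call `WidgetCenter.shared.reloadAllTimelines()` after toggling the passcode so already-placed widgets redraw with the locked entry immediately.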