InsightIM / Tok-Android

Tox client for Android
https://www.tok.life
GNU General Public License v3.0

User profile information leaked to (essentially) every other app on Android #9

Open jbash opened 5 years ago

jbash commented 5 years ago

The Tok app creates a directory on shared storage and adds subdirectories named after user profiles. That in itself tells every app with "storage" permission (which is practically every damned app on Android these days) that Tok is installed, and gives away all the user's profile names. It looks like it puts stuff like avatars (probably the user's picture!) in there too.

An app like this should never, ever, put anything outside of its own private storage without explicit, knowing direction from the user. Nor, for that matter, should it ask for storage permission at all until the user actually tells it to use shared storage for something specific. Android shared storage is a dumpster fire.
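As an added illustration of the two storage choices contrasted above (this is not code from the Tok-Android project, whose actual file layout is not shown in the issue), here is the pattern described, a profile directory under shared external storage, next to the same layout moved into the app's private internal storage. The `Tok/profiles` path segment, the profile-name sanitizer and the `saveAvatar` helper are assumptions made for the example.

```java
import android.content.Context;
import android.os.Environment;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;

// Added example, not the Tok-Android project's own code. Directory names are assumptions.
public final class ProfileStorage {

    // BEFORE (the pattern the issue describes): everything lands on shared external
    // storage. Any app holding READ_EXTERNAL_STORAGE can list "Tok/profiles" and learn
    // that Tok is installed, every profile name, and read the avatar files.
    // Environment.getExternalStorageDirectory() is deprecated since API 29 for this reason.
    public static File sharedProfileDir(String profileName) {
        File root = Environment.getExternalStorageDirectory();   // e.g. /storage/emulated/0
        return new File(new File(root, "Tok/profiles"), profileName);
    }

    // AFTER: the same layout under the app's private internal storage
    // (/data/data/<package>/files). Files there are owned by the app's own Linux UID and
    // are not readable by other apps on a non-rooted device. No storage permission is
    // needed to use it, so the app can drop that permission request entirely.
    public static File privateProfileDir(Context context, String profileName) {
        File base = new File(context.getFilesDir(), "profiles");
        return new File(base, sanitize(profileName));
    }

    // Profile names come from the user, so keep them from escaping the profiles
    // directory ("../") or colliding with reserved names. Letters, digits, '-', '_'
    // and '.' are kept; everything else becomes '_'.
    static String sanitize(String name) {
        StringBuilder out = new StringBuilder();
        for (char c : name.toCharArray()) {
            if (Character.isLetterOrDigit(c) || c == '-' || c == '_' || c == '.') {
                out.append(c);
            } else {
                out.append('_');
            }
        }
        String s = out.toString();
        if (s.isEmpty() || s.equals(".") || s.equals("..")) {
            s = "profile";
        }
        return s;
    }

    // Write an avatar into the private profile directory. Nothing here touches
    // external storage; the only way the image reaches another app is if the user
    // explicitly shares or exports it.
    public static File saveAvatar(Context context, String profileName, byte[] png)
            throws IOException {
        File dir = privateProfileDir(context, profileName);
        if (!dir.isDirectory() && !dir.mkdirs()) {
            throw new IOException("cannot create " + dir);
        }
        File avatar = new File(dir, "avatar.png");
        try (FileOutputStream out = new FileOutputStream(avatar)) {
            out.write(png);
        }
        return avatar;
    }
}
```

A quick way to confirm the fix on a test device is to create a profile and then list the shared storage root with `adb shell ls /sdcard` (the path is the usual emulated-storage mount, an assumption about the test device): no app-named directory should appear there. Scoped storage on Android 10 and later narrows what other apps can see under shared storage, but it does not change the conclusion; data that identifies the user belongs in the app-private directory regardless of platform version.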

prdTok commented 5 years ago

The issue you're talking about exists and is important; that's what we're going to do next to keep the privacy device-to-device, after ensuring the security of transmission.

supertref commented 4 years ago

Any news?

notanewbie commented 3 years ago

Is there an update on this?