brarcher / budget-watch

Application for personal budget management
GNU General Public License v3.0

Add Password protection option #192

Open MoDevby opened 5 years ago

MoDevby commented 5 years ago

Close #187

brarcher commented 5 years ago

I'll take a look at your change in a bit. The build failure is from the findbugs task, which runs the FindBugs Java static analysis tool. Could you run that tool locally to see if it is pointing out any bugs or issues that need to be addressed? To run it:

./gradlew findbugs

brarcher commented 5 years ago

FYI, I was able to bypass the password protection in the following ways:

1) When the password prompt is shown press "back". This leads to the main activity without requiring the password.

2) Add an icon to the home screen. Long press the icon. This brings up a static menu to add a revenue or expense. Clicking on either opens the TransactionViewActivity without requiring a password.

brarcher commented 5 years ago

Looking over most of the changes and playing with it on an emulator, I understand the change is focused on preventing a user from accessing the application rather than protecting the underlying data. I would support a change to encrypt the underlying data, which would require a password to unlock. Further, the key would need to be stored in Android's Keystore. If you are interested in pursuing this change I can help with advice and code reviews. I've not used the Java Keystore APIs before, so perhaps we can learn together.

I appreciate your sending the changes you have. The nature of the proposed changes I'll not be able to accept, however, as they only attempt to hide the data rather than encrypting it.
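
As an added illustration of the distinction raised in the comment above (not code from the pull request or from Budget Watch): data sealed with a password-derived AES-GCM key stays unreadable whichever activity is reached, unlike a prompt that only gates the UI. It uses only standard JDK classes; the class and method names, the iteration count and the sample record are assumptions, and keeping a key in the Android Keystore is not shown.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration; class and method names are hypothetical, not Budget Watch code.
public class PasswordSealedData {
    // ITERATIONS is an assumed PBKDF2 work factor.
    static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, ITERATIONS = 100_000;

    // Stretch the password into a 256-bit AES key; the salt is stored with the data.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    static Cipher gcm(int mode, char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }

    // Output layout: salt || iv || ciphertext and tag. Fresh salt and IV on every call.
    static byte[] seal(char[] password, byte[] plaintext) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, password, salt, iv).doFinal(plaintext);
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the password is wrong or the blob was altered.
    static byte[] open(char[] password, byte[] blob) throws GeneralSecurityException {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        int off = SALT_LEN + IV_LEN;
        return gcm(Cipher.DECRYPT_MODE, password, salt, iv).doFinal(blob, off, blob.length - off);
    }

    public static void main(String[] args) throws Exception {
        byte[] row = "groceries,42.10".getBytes(StandardCharsets.UTF_8); // constructed sample record
        byte[] blob = seal("correct horse".toCharArray(), row);
        System.out.println(new String(open("correct horse".toCharArray(), blob), StandardCharsets.UTF_8));
        try { open("guess".toCharArray(), blob); }
        catch (AEADBadTagException e) { System.out.println("wrong password: data stays unreadable"); }
    }
}
```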

MoDevby commented 5 years ago

FYI, I was able to bypass the password protection in the following ways:

1. When the password prompt is shown press "back". This leads to the main activity without requiring the password.

2. Add an icon to the home screen. Long press the icon. This brings up a static menu to add a revenue or expense. Clicking on either opens the TransactionViewActivity without requiring a password.
  1. I solved this by using startActivityForResult as suggested by you.
  2. I intentionally want this behaviour. If you remember from the discussion in my request #187, the whole goal is to prevent peeking into the financial info, but adding an expense or revenue shouldn't be a problem (especially since these are shortcuts, which should be for fast actions, so no password protection is needed here).