facebookarchive / stetho

Stetho is a debug bridge for Android applications, enabling the powerful Chrome Developer Tools and much more.
http://facebook.github.io/stetho/
MIT License

Document visibly that Stetho should be only present in debug builds #674

Open petrdvorak opened 4 years ago

petrdvorak commented 4 years ago

To my surprise, we can see quite a lot of banking apps that use Stetho. This is very good since it shows that banks do care about good UI and do on-device debugging. But it is also pretty bad since developers release this on Google Play and as a result, the entire content of the screen is broadcast via the Stetho built-in server, leaking very sensitive data (accounts, transactions, passwords, PIN codes, ...).

Please add visible documentation clearly stating that Stetho should be available on non-production builds only, ideally in a specific "UX-debugging flavor" of the app. I know that this is a bit patronizing for some developers, but this improvement does not cost anything and might prevent some damage...
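One way to apply the recommendation above, as an added example that is not part of this issue or of the Stetho project's own code: the Gradle dependency is scoped with `debugImplementation`, the Stetho call lives only in the debug source set, and the release source set supplies a no-op stand-in, so a release APK contains neither the call nor the library. The package `com.example.app`, the class names and `<stetho-version>` are assumptions and placeholders; `Stetho.initializeWithDefaults` is the library's real entry point.

```kotlin
// app/build.gradle.kts: scope the dependency to the debug build type only.
// With this line, release builds have no Stetho classes on the classpath at all.
//   debugImplementation("com.facebook.stetho:stetho:<stetho-version>")   // <stetho-version>: placeholder
// (The weak variant is a plain implementation(...) line, which ships the debug server in every build.)

// ---- src/debug/java/com/example/app/DebugTools.kt  (compiled into debug builds only) ----
package com.example.app

import android.content.Context
import com.facebook.stetho.Stetho

object DebugTools {
    // Starts the on-device server that Chrome DevTools attaches to; debug builds only.
    fun install(context: Context) {
        Stetho.initializeWithDefaults(context)
    }
}

// ---- src/release/java/com/example/app/DebugTools.kt  (compiled into release builds only) ----
package com.example.app

import android.content.Context

object DebugTools {
    // No-op stand-in. Referencing Stetho here would not even compile, because the
    // dependency is not on the release classpath; that compile failure is the safety net.
    fun install(context: Context) = Unit
}

// ---- src/main/java/com/example/app/App.kt  (shared by all build types) ----
package com.example.app

import android.app.Application

class App : Application() {
    override fun onCreate() {
        super.onCreate()
        // Resolves to whichever DebugTools the current build type compiled in.
        DebugTools.install(this)
    }
}
```

Before publishing, confirm the release artifact contains no `com.facebook.stetho` classes (for example by inspecting its dex files), since that is the property the scoping above is meant to guarantee.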