When using the share function from other apps my most frequent contacts on Molly have both their name and photo exposed without any form of authentication into Molly. I expect information such as this to be secure until authenticated with PIN or biometrics in the Molly app.
If an adversary is able to get into my phone but can't get access to the Molly app then they shouldn't be able to see who I've been conversing with.
Steps to reproduce
Open any app that has an external share button (Most apps including Github)
Hit the share button and see the options listed appear without any Molly authentication. (Pictured below are my 3 most common contacts with their picture and name)
Is there an existing issue for this?
Bug description
When using the share function from other apps my most frequent contacts on Molly have both their name and photo exposed without any form of authentication into Molly. I expect information such as this to be secure until authenticated with PIN or biometrics in the Molly app.
If an adversary is able to get into my phone but can't get access to the Molly app then they shouldn't be able to see who I've been conversing with.
Steps to reproduce
Molly version
v7.6.2-2-FOSS
Android version
Android 14 - Graphene OS
Device
Pixel 8
Link to debug log
No response