It was found that the Android app makes frequent use of logging features to monitor
events. This can be considered a bad practice, especially in production environments,
where tokens and codes of Mozilla VPN users might be accessible to third parties.

If the device is connected to a computer via USB with debugging enabled, an attacker
may be able to access the logs via adb logcat. From there, extraction of user tokens
may be achievable. Note that apps with system privileges are able to access logs
directly on rooted devices.
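
A release check for the exposure described above, as an added example that is not part of the original report: it parses `adb logcat -v threadtime` output and flags lines that log token-like values, reporting the tag and kind without echoing the value. The sample lines, the tag names and the patterns for what counts as a token or code are constructed assumptions.

```python
import re
import sys

# logcat "threadtime" layout: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
LOGCAT_LINE = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}\s+\d+\s+\d+\s+([VDIWEF])\s+(.*?)\s*: (.*)$"
)

# Assumed shapes of sensitive values; tune these to the app's real token formats.
SECRET_PATTERNS = [
    ("bearer-token", re.compile(r"\bbearer\s+([A-Za-z0-9._~+/-]{16,}=*)", re.I)),
    ("jwt", re.compile(r"\b(eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)")),
    ("keyed-secret", re.compile(
        r'\b(?:token|code|secret|password)\w*\s*[=:]\s*"?([^\s"&,]{8,})', re.I)),
]

# Constructed sample input (not captured from any real device or app).
SAMPLE = """\
03-14 09:26:53.589  4121  4150 D VPNService: tunnel state changed to CONNECTED
03-14 09:26:54.002  4121  4150 I AuthFlow: login finished, code=EXAMPLECODE1234567890
03-14 09:26:54.310  4121  4163 D HttpClient: Authorization: Bearer EXAMPLE-TOKEN-0123456789abcdef
03-14 09:26:55.100  4121  4150 W VPNService: retrying handshake in 5s
"""

def scan(lines):
    """Return (line_no, level, tag, kind, value_length) per hit; values are never kept."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        m = LOGCAT_LINE.match(raw.rstrip("\n"))
        if not m:
            continue  # buffer headers such as "--------- beginning of main"
        level, tag, message = m.groups()
        for kind, pattern in SECRET_PATTERNS:
            for hit in pattern.finditer(message):
                findings.append((line_no, level, tag, kind, len(hit.group(1))))
    return findings

if __name__ == "__main__":
    # Pipe a dump in (adb logcat -d -v threadtime | python this_file.py) or run bare for the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    results = scan(source)
    for line_no, level, tag, kind, length in results:
        print(f"line {line_no}: {level}/{tag} logs a {kind} ({length} chars, value withheld)")
    sys.exit(1 if results else 0)  # non-zero exit fails a CI release gate
```

Run against a log dump from a release build exercised through login and connect; any finding points at a log call to remove or redact before shipping.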