search

oulan / sipdroid

Automatically exported from code.google.com/p/sipdroid
GNU General Public License v3.0
0 stars 0 forks source link

Google Voice integration needs to post Terms of Service #794

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Does the google voice integration retain the user's google username and 
password in a database? Is it kept in plaintext or encrypted? Who has access to 
that database? How is it monitored? What use will you make of the google 
authentication (e.g. "An automated process will log into your google account 
periodically; this will show up in your account access as [Germany, IP...]")? 
Will the authentication details ever be deleted? How would one delete them? 

This needs to be clearly spelled out in a dialog prior to allowing the user to 
sign up. If this feature were only available to people downloading from your 
site, you might expect everybody to understand the above. However, the app is 
freely available on the app market, and SIP is becoming ever more mainstream. 
People are (perhaps unfortunately) used to typing their google authentication 
into third party services to authenticate (e.g., appbrain); it is not clear 
from the integration dialog that this is anything different.

Original issue reported on code.google.com by reuben.f...@gmail.com on 21 Dec 2010 at 12:33

GoogleCodeExporter commented 9 years ago 
Sorry for the "Me, too" post, but this is an important issue that demands 
someone's immediate attention.

I am embarrassed to say that I handed over my Google credentials as part of the 
Sipdroid registration process.  (I had just bought a Nexus S and was too eager 
to get a SIP client working on it.)  I take full responsibility for this error 
in judgement.

Nonetheless, had there been clear terms of service indicating the implications 
for the security of my Gmail account, I would have aborted the Sipdroid 
installation.

Original comment by marc.s.m...@gmail.com on 24 Dec 2010 at 2:22

GoogleCodeExporter commented 9 years ago 
Agreed.  I installed SIPdroid two days ago and received notification that my 
gmail account had been accessed from Germany.  I changed my password and then 
(coincidentally? who knows) got a "wrong-number" call which blocked caller-ID.

Going to notify Google security as to the possible issue.   Hopefully wheels 
will turn and the security situation will be resolved in a transparent manner.

Original comment by riftw...@gmail.com on 16 Nov 2011 at 6:25