search

session-foundation / session-ios

A private messenger for iOS.
https://getsession.org
GNU General Public License v3.0
4 stars 3 forks source link

[BUG] Screenshot notification leak #100

Open ghost opened 1 year ago

ghost commented 1 year ago

Code of conduct

Is there an existing issue for this?

Current Behavior

This is a follow-up of https://github.com/oxen-io/session-ios-temp/issues/85

When Alice takes screenshots of any Session conversation, Bob might sometimes receive screenshot notifications even though Bob is not part of those conversations.

Expected Behavior

Bob should not receive notifications from Alice other than Alice's DM conversation with him.

Steps To Reproduce

  1. Alice chats with Bob in DM
  2. Alice leaves the DM conversation, switches to a Community, then takes a screenshot of the Community conversation
  3. Bob receives multiple duplications of screenshot notifications when Alice takes the screenshot of the Community conversation.

iOS Version

iOS 16.1.2

Session Version

2.2.4

Anything else?

I can't reproduce it with any other combination of devices/accounts.

Only Alice's device has the notification leak issue, and only Bob's account can receive the leaked notification from Alice.

ghost commented 1 year ago

Anecdotally, Alice reports that in the DM conversation with Bob, she saw a message she never sent by herself, then the message quickly disappeared. She cannot remember the content of the message. Not sure if that's related to the screenshot notification leak issue or a completely different issue.

ghost commented 1 year ago

If you can build a Session iOS debugging version with intensive debugging logs and push it to testflight, I can ask Alice to test it and collect some logs.

There might be some privacy concerns for collecting logs though, alternatively, if you can provide some hints we can also try to debug by ourselves.

RyanRory commented 1 year ago

Hey @fracting , we already have a button in Settings page for exporting debug logs. So if this happens to Alice next time, could you kindly let her share the debug log with us? Thanks in advance!

ghost commented 1 year ago

@RyanRory I am aware of the export button and we have some logs locally. Can I have your Session ID and DM you the log?

RyanRory commented 1 year ago

Sure, my ONS name is R

ghost commented 1 year ago

Sure, my ONS name is R

Thanks @RyanRory! I sent you a message request.

ghost commented 1 year ago

Some one in the Oxen community asks:

Hey. One Contact sometimes send messages that: "name of contact" took a screenshot. But he does not. It's only happening on this contact. Is something unsecure on his phone or Wifi?

I suspect they encounter the same bug. Seems like this bug is very rare, but I'm not the only person experiencing it, eventually someone else reported similar experience as well.

ghost commented 1 year ago

It's interesting that someone in Android Google Play review says:

it keeps sending fake screenshot notifications to people, even though you're not screenshotting

source: https://play.google.com/store/apps/details?id=network.loki.messenger

I suspect that user was using an Android as receiver while one of his contacts is using an iOS as a sender.