S-Memo Stores Google Account Passwords in Clear Text, Viewable When Rooted
Posted November 12, 2012 at 12:00 am by jerdog
There are always inherent risks when you root your device, though voiding your warranty in and of itself is not one of them, unlike what manufacturers would have you believe. Instead, the real risks are those things like having your /data partition readable by any app in the /system partition, as XDA Recognized Developer and Forum Moderator graffixnyc found out recently.
While browsing his AT&T Samsung Galaxy S3 on a lazy Saturday afternoon, graffixnyc opened the Samsung S-Memo SQLite files and found something shocking: S-Memo stored his Google account password in clear text. After posting his findings in the thread, fellow XDA Recognized Developer ViViDboarder reminded graffixnyc that since he was rooted he was able to view the contents of the SQLite files. And while this is true, graffixnyc pointed out that even though the only users affected by this are root users, the records themselves should have been encrypted.
Let this be a warning to you that if you find yourself with root on your device, be careful. Some developers don’t take proper precautions when creating an application. They can’t be trusted to protect your credentials; only you can.
Want something on the XDA Portal? Send us a tip!