While we normally like to write about good things going on in the Android world, we also like to warn people about potential dangers to them. XDA member aBSuRDiST posted a thread regarding the XFinity Android app. For those of you outside of the US, XFinity (Comcast) is a cable provider in the US and this app allows the user to have control over various things such as DVR settings and more. The member discovered by reading the activity put out by the app, that this openly reveals both username and password of the user in question. Telling the app to not remember this information seems to not work either.
It would be interesting if those of you with this app can reproduce this. For this you will need something to see the logcat generated in your device. Please leave your comments below if you notice any other weird behavior by this app.
My system log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with “D/HTTPManager”. I read the log using aLogcat (app available in the market). Open aLogcat, press menu and filter for “password”. After I clear my log (using aLogcat) that line reappears even when I haven’t used the Xfinity app. I don’t use my comcast credentials in any other app.
You can find more information in the original thread.
Want something published in the Portal? Contact any News Writer._________
Join us for xda:devcon 2014. For a limited time, XDA Portal readers get 20% off registration!