egzthunder1 · Feb 14, 2011 at 09:00 pm

XFinity App for Android Sharing Passwords

While we normally like to write about good things going on in the Android world, we also like to warn people about potential dangers to them. XDA member aBSuRDiST posted a thread regarding the XFinity Android app. For those of you outside of the US, XFinity (Comcast) is a cable provider in the US and this app allows the user to have control over various things such as DVR settings and more. The member discovered by reading the activity put out by the app, that this openly reveals both username and password of the user in question. Telling the app to not remember this information seems to not work either.

It would be interesting if those of you with this app can reproduce this. For this you will need something to see the logcat generated in your device. Please leave your comments below if you notice any other weird behavior by this app.

My system log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with “D/HTTPManager”. I read the log using aLogcat (app available in the market). Open aLogcat, press menu and filter for “password”. After I clear my log (using aLogcat) that line reappears even when I haven’t used the Xfinity app. I don’t use my comcast credentials in any other app.

You can find more information in the original thread.

Want something published in the Portal? Contact any News Writer.


_________
Want something on the XDA Portal? Send us a tip!
TAGS:

egzthunder1

egzthunder1 is an editor on XDA-Developers, the largest community for Android users. I have been an active member of xda-developers since 2005 and have gone through various roles in my time here. I am Former Portal Administrator, and currently part of the administrator team while maintaining my writer status for the portal. In real life, I am a Chemical Engineer turned Realtor in the Miami area. View egzthunder1's posts and articles here.
GermainZ · Mar 30, 2015 at 02:41 pm · 2 comments

DexPatcher: Patch Android APKs Using Java

You've probably seen or installed modified applications, be it a patched dialer for your resolution or a custom WhatsApp version with added features. How do developers do that, though? A lot of the time, the applications' source code isn't even available, so how does it all work? We'll see that first, then take a look at a new tool that aims to make the process much easier, and finally compare it to the popular Xposed framework to see how they...

XDA NEWS
Emil Kako · Mar 30, 2015 at 01:53 pm · 2 comments

Is Cloud Storage Ready to Replace External Storage?

With more and more OEMs ditching SD cards on their flagships, cloud storage is becoming even more important in the mobile world. Services like Dropbox and Google Drive have already become widely adopted by the majority of smartphone users, but is cloud storage ready to replace external storage? Let us know your thoughts below.

DISCUSS
Mario Tomás Serrafero · Mar 30, 2015 at 11:20 am · 1 comment

M9: Is Throttling a Non-issue? Can’t We Trust Benchmarks?

When the first reports of the M9 overheating came to light, many forum users began a collective joke-round calling the phone a popcorn machine, a grill, and other unoriginal remarks that we’ve seen with every device that presents sign of overheating, from gaming consoles to graphics cards. In this sense, the internet is not very inventive, and the cycle of rehashed jokes re-surfaces on different products every year or so. This time it was the M9’s turn and it was...

XDA NEWS
Share This