S-Memo Stores Google Account Passwords in Clear Text, Viewable When Rooted

S-Memo Stores Google Account Passwords in Clear Text, Viewable When Rooted

There are always inherent risks when you root your device, though voiding your warranty in and of itself is not one of them, unlike what manufacturers would have you believe. Instead, the real risks are those things like having your /data partition readable by any app in the /system partition, as XDA Recognized Developer and Forum Moderator graffixnyc found out recently.

While browsing his AT&T Samsung Galaxy S3 on a lazy Saturday afternoon, graffixnyc opened the Samsung S-Memo SQLite files and found something shocking: S-Memo stored his Google account password in clear text. After posting his findings in the thread, fellow XDA Recognized Developer ViViDboarder reminded graffixnyc that since he was rooted he was able to view the contents of the SQLite files. And while this is true, graffixnyc pointed out that even though the only users affected by this are root users, the records themselves should have been encrypted.

Let this be a warning to you that if you find yourself with root on your device, be careful.  Some developers don’t take proper precautions when creating an application. They can’t be trusted to protect your credentials; only you can.

 

About author

Jeremy
Jeremy

Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to pre-Internet days. He has owned, to date, over 100 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being the Developer and Community Relations Manager, he is an Industry Analyst and News Editor for the News Portal, Senior Moderator and member of the Developer Committee at XDA.