
On Moto G4, recent history screen shows clear password

description

The history screen not only isn't blank but it always shows an entry page with the password in the clear. The page shown isn't usually a page I've visited during a session but this is clearly a serious issue.

comments

PhilippC wrote Apr 5 at 8:22 PM

Can you please test how this behavior changes if you disable "Protect database display" in the display settings?

This sounds like an issue with the Moto device; KP2A correctly sets FLAG_SECURE.

RickBielawski wrote Apr 5 at 8:54 PM

I've got a Galaxy with no problem - no screen appears under the app icon.
Since it happens on my wife's phone I'll need to wait till she gets home to see what more I can find out. GHM to remember!
Thanks for the quick response!

RickBielawski wrote Apr 6 at 2:17 PM

We deleted the app from history to eliminate the immediate threat so I had to re-enter the app to put it back on the list. But when I tried I got an error. It asked if I wanted to 'report the error' and I said yes. That was last night.
After the error was reported and the app restarted I didn't see the problem any more so if the report doesn't tell you anything or you simply don't get them - perhaps it will stay a mystery. At the moment there doesn't seem to be a problem anymore.
Sorry if my report causes any bad rep.
We've been using this for about 2 months and gave it 5 stars because it provides exactly the functionality I've been trying to find. A way to access exactly the same password file simultaneously from multiple Windows and Android machines and the merging has been flawless.
Thanks!
It would be nice if the iPad version worked as seamlessly but that's on someone else.

RickBielawski wrote Apr 8 at 2:47 AM

I can recreate the problem consistently now.
What I've surmised is that when 'Protect database display' is 'on' the system should display a 'blank' screen rather than the last actual screen - leaving the big question - where does it get this 'blank' screen from?

If you let the display time out or you tap the on/off button while Keepass2Android has the foreground, whatever is being displayed becomes 'the blank screen' rather than an actually blank screen. It will use this screen in history until I create another by following the same procedure. The only way to make it use an actually blank screen again is to delete the app from history and switch apps before shutting the screen off (or letting it time out) because any other procedure will capture something other than a blank screen.

Hopefully this gives you some clue as to what (if anything) can be done so that what's captured as 'blank' isn't a screen that has a clear password on it. Meanwhile one must be very careful (on a Moto 4G) to be on a menu screen or switch to another app before turning off the display.

RickBielawski wrote Apr 12 at 10:31 PM

Nougat is now available for the Moto 4G.
After the upgrade the problem disappears.
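
The thread turns on FLAG_SECURE and on what the window shows at the moment the display goes off. As an added example (not Keepass2Android's code, which this page does not show), here is a minimal Java activity that sets the flag and also re-masks the password whenever it is paused. The class, field and method names are hypothetical, and whether re-masking would have helped on the affected Moto firmware is an assumption.

```java
// Added example: hypothetical activity, not Keepass2Android source.
import android.app.Activity;
import android.os.Bundle;
import android.text.InputType;
import android.view.WindowManager;
import android.widget.EditText;

public class EntryActivity extends Activity {
    private static final int MASKED =
            InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD;
    private static final int CLEAR =
            InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD;

    // Hypothetical field that can display the entry's password in clear text.
    private EditText passwordField;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Set FLAG_SECURE before any content is attached, so the window is
        // marked as excluded from screenshots and recents thumbnails from
        // its very first frame.
        getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE);

        passwordField = new EditText(this);
        passwordField.setInputType(MASKED);
        setContentView(passwordField);
    }

    // Hypothetical handler for a "show password" toggle.
    void revealPassword() {
        passwordField.setInputType(CLEAR);
    }

    @Override
    protected void onPause() {
        // Display timeout, the power button and app switches all pause the
        // activity. Re-mask here as defense in depth for firmware that
        // captures the window despite FLAG_SECURE.
        // Assumption: the masked frame is drawn before the device takes
        // its thumbnail; Android does not guarantee that ordering.
        passwordField.setInputType(MASKED);
        super.onPause();
    }
}
```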