10

!rant

I was playing with adb logcat on some apps and I saw some sensitive info from my bank app. So I decided to go deeper, and I saw my entire banking information, WHAT THE FUCK? I feel unsafe now using this bank.

Btw this bank is using React Native and forgot to obscure their code in production

Comments
  • 1
    Some people are dumb. Uhhhuhuhuhuhuhuh.
  • 3
    I would be far more worried if my bank thought that obfuscating the frontend would do jack shit for security. If their system is even remotely sane, their React Native app is treated like an untrusted client; you being able to see your own data when accessing your account is not a problem. (It's unavoidable)
  • 0
    @ItsNotMyFault Really? So should I be worried tho?
  • 2
    @johnmelodyme No, not unless you can see other people's data or don't have to log in to see your own. (Or if the data isn't encrypted in transit, but that's pretty automatic with SSL/HTTPS) (and their login shouldn't just be username/password, at least not for making transactions)
  • 1
    @ItsNotMyFault sensitive information should not go into unencrypted logs
  • 0
    @AlgoRythm Android logcat data isn't exposed, stored or sent anywhere (unless the user explicitly enables remote debugging and connects to their device). I would quite frankly be more worried if they tried to prevent me from seeing what the app is doing. The data shown is the data the app sends or receives (you can see the same in the browser's network tab if you use web based banking), it's not something the bank needs to hide from the user. If the app hides it, the user can still access it by putting an SSL proxy on their network.
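
As an added example (not code from this thread or from the bank's app): a pre-release check that scans text captured with `adb logcat -d` for entries an app should not be writing to the log. The key names, the package name and the sample log lines are constructed assumptions.

```javascript
// Added example: flag sensitive data in captured `adb logcat -d` output.
// Key names and SAMPLE lines are constructed for illustration.
const SENSITIVE_KEYS = /\b(accountNumber|balance|iban|cardNumber|pin|token)\b"?\s*[:=]/i;
const DIGIT_RUN = /\b(?:\d[ -]?){13,19}\b/g; // candidate card numbers
// logcat "threadtime" layout: date time PID TID LEVEL TAG: message
const THREADTIME = /^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+(\d+)\s+([VDIWEF])\s+(.*?)\s*: (.*)$/;

// Luhn checksum separates real card numbers from IDs that only look like them.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Returns one finding per log line that carries a sensitive key or a valid card number.
function scanLogcat(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    const m = THREADTIME.exec(line);
    if (!m) return; // skips "--------- beginning of main" and blank lines
    const [, , , , level, tag, msg] = m;
    const reasons = [];
    const key = SENSITIVE_KEYS.exec(msg);
    if (key) reasons.push(`key:${key[1]}`);
    for (const run of msg.match(DIGIT_RUN) || []) {
      if (luhnValid(run.replace(/\D/g, ''))) reasons.push('card-number');
    }
    if (reasons.length) findings.push({ line: idx + 1, tag, level, reasons });
  });
  return findings;
}

const SAMPLE = [ // constructed log lines, not taken from any real app
  '--------- beginning of main',
  '03-14 10:22:01.123  4321  4388 I ReactNativeJS: {"accountNumber":"0012345678","balance":1520.75}',
  '03-14 10:22:01.456  4321  4388 D ReactNativeJS: paying with 4111 1111 1111 1111',
  '03-14 10:22:02.001  4321  4321 I ActivityManager: Displayed com.example.bank/.MainActivity: +412ms',
  '03-14 10:22:02.300  4321  4388 I ReactNativeJS: request id 1234567890123456 done',
].join('\n');

console.log(scanLogcat(SAMPLE));
```

Run against a release build's captured log, an empty result is the pass condition.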