To my surprise, we can see quite a lot of banking apps that use Stetho. This is very good since it shows that banks do care about good UI and do on-device debugging. But it is also pretty bad since developers release this on Google Play and as a result, the entire content of the screen is broadcast via the Stetho built-in server, leaking very sensitive data (accounts, transactions, passwords, and PIN codes, ...).
Please add visible documentation clearly stating that Stetho should be available on non-production builds only, ideally in a specific "UX-debugging flavor" of the app. I know that this is a bit patronizing for some developers but this improvement does not cost anything and might prevent some damages...
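One way to enforce the non-production-only rule requested above is a release gate that inspects the built APK for Stetho classes. This is an added example, not part of the original issue or of Stetho itself; the function names and the sample APKs are constructed for illustration, and it assumes class names have not been renamed by a minifier.

```python
import io
import sys
import zipfile

# Dex type-descriptor prefix for Stetho's Java package (com.facebook.stetho).
# Assumption: the release build did not rename library classes; a name-based
# search cannot see classes that a minifier has renamed.
STETHO_MARKER = b"Lcom/facebook/stetho/"


def find_stetho(apk_bytes):
    """Return the dex files inside the APK that reference Stetho classes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Multidex APKs carry classes.dex, classes2.dex, ...
            if name.startswith("classes") and name.endswith(".dex"):
                if STETHO_MARKER in apk.read(name):
                    hits.append(name)
    return sorted(hits)


def gate(apk_bytes):
    """CI gate: 0 when the release artifact is clean, 1 when Stetho is present."""
    return 1 if find_stetho(apk_bytes) else 0


def _constructed_apk(dex_files):
    """Build a tiny stand-in APK in memory (constructed sample, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in dex_files.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a clean release and one that still ships Stetho.
CLEAN = _constructed_apk({"classes.dex": b"dex\n035\x00Lcom/example/bank/MainActivity;"})
LEAKY = _constructed_apk({
    "classes.dex": b"dex\n035\x00Lcom/example/bank/MainActivity;",
    "classes2.dex": b"dex\n035\x00Lcom/facebook/stetho/Stetho;",
})

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_stetho.py app-release.apk
        with open(sys.argv[1], "rb") as f:
            sys.exit(gate(f.read()))
    print(find_stetho(CLEAN), find_stetho(LEAKY))
```

Run against the release artifact in CI, a non-zero exit status fails the build before the APK reaches the store.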