As the title say, a bug which has been confirmed to be around for 7 years leaks the google account password as well as the 2FA code -if enabled-.

Steps to reproduce the behavior:

  • Open MicroG Settings
  • Add a Google account
  • Login with your Google account
  • Check logcat with adb logcat | grep GmsAuthLoginBrowser

Therefore, through logcat is possible to see the password, which is a gigantic security hole. This happens even without root.

Is also important to underline that microG per se has security problems.

For more information about the bug, see here.

  • newhoa@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    3 years ago

    I haven’t used logcat so excuse my ignorance, but from what I read it’s a log dumper.

    What log file is the login info originally stored in?

    Is it plaintext in the log file itself, or is it only plaintext after bring filtered through logcat?

  • Helix 🧬@feddit.deB
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    3 years ago

    Is it really a bug or a feature? I can imagine a three letter agency providing services and tools to privacy minded people to get their data.

    • SeerLite@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      3 years ago

      Don’t you need access via adb and have debugging options enabled to even see the logcat?