[SECURITY BUG] Megalodon will always partially sign back in after reinstall, even after logging out and clearing data first #965

Open
Leah96xxx opened this issue Jan 13, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@Leah96xxx

Describe the bug

While troubleshooting another issue that I may post about shortly, I discovered that Megalodon will always sign back in to my account when I reinstall it. This occurs regardless of what I do prior to reinstalling it.

I have tried:

  • Log out before uninstalling
  • Log out and clear app data in Android settings before uninstalling
  • Log out, clear data, then restart the phone before uninstalling
  • Log out, clear data, then restart the phone after uninstalling but before reinstalling

All of the above will not prevent the app from automatically signing back in after being reinstalled.

However, when the app restarts, it gives the error "The access token was revoked" and won't let you post any toots, so I guess that's one good thing. But my point is that a newly reinstalled app shouldn't sign into anything automatically, especially after having its data cleared.

I did also notice that the uninstallation takes a fraction of the time that the install takes. Not sure if this is related.

To reproduce

Steps to reproduce the behavior:

  1. Log out of Megalodon
  2. Clear app data in Android
  3. Uninstall Megalodon
  4. Open the app and be automatically signed in.

Does this happen in the official app?

Does this issue also occur with the respective upstream release?

No (Mastodon Play Store latest)

Screenshots and screen recordings

(Apologies for compression issues. The video was 47MB but GitHub only allows up to 10MB.)

Screen_Recording_20240113_122508_Google.Play.Store.mp4

Version

Megalodon version: 2.1.6+fork.110 (110) (Play Store latest)

Crash log

N/A

@Leah96xxx Leah96xxx added the bug Something isn't working label Jan 13, 2024
@Leah96xxx Leah96xxx changed the title [SECURITY BUG] Megalodon will always sign back in after reinstall, even after logging out and clearing data first [SECURITY BUG] Megalodon will always partially sign back in after reinstall, even after logging out and clearing data first Jan 13, 2024
@PurpleStephyr

Also seeing this bug. Worse yet, when I migrated data from one phone to another, I noticed that I was already signed in on Megalodon.

@Jeder321

From what I understand, this behaviour is from Google saving and restoring app settings, and I have seen it do it even for apps that weren't installed from Google Play. Is it really a Megalodon "bug"?

@PurpleStephyr

> From what I understand, this behaviour is from Google saving and restoring app settings, and I have seen it do it even for apps that weren't installed from Google Play. Is it really a Megalodon "bug"?

Ya, I read something like that here: https://stackoverflow.com/questions/33169618/an-android-app-remembers-its-data-after-uninstall-and-reinstall

It might be desirable to exclude the account data from this backup as the answer suggests by updating the app manifest.
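
If Android's backup and restore is the cause, as the comments above suggest, the exclusion lives in the rules file that the manifest references through `android:dataExtractionRules` (Android 12+) or `android:fullBackupContent` (Android 11 and lower). The following check is an added example, not code from the Megalodon project or from any commenter: it reports which credential files a decoded rules file still lets through, separately for cloud backup (the reinstall case) and device transfer (the phone migration case). The file name `accounts.json` and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

def _hit(rules, tag, domain, path):
    # Simplification: exact path match, or "." meaning the whole domain.
    return any(r.tag == tag and r.get("domain") == domain
               and r.get("path") in (path, ".") for r in rules)

def unprotected(rules_xml, secrets):
    """Return (section, domain, path) for every secret the rules still back up."""
    root = ET.fromstring(rules_xml)
    if root.tag == "full-backup-content":       # format for Android 11 and lower
        sections = {root.tag: root}
    else:                                       # data-extraction-rules, Android 12+
        sections = {n: root.find(n) for n in ("cloud-backup", "device-transfer")}
    leaks = []
    for name, sec in sections.items():
        # A missing section is treated as the default: everything is copied.
        rules = list(sec) if sec is not None else []
        has_include = any(r.tag == "include" for r in rules)
        for domain, path in secrets:
            # With any <include> present, only included paths are backed up.
            included = _hit(rules, "include", domain, path) if has_include else True
            if included and not _hit(rules, "exclude", domain, path):
                leaks.append((name, domain, path))
    return leaks

# Constructed samples. "accounts.json" is a hypothetical file name, not
# Megalodon's real storage location.
SECRETS = [("file", "accounts.json")]

RULES_BEFORE = """<data-extraction-rules>
  <cloud-backup><exclude domain="file" path="accounts.json"/></cloud-backup>
</data-extraction-rules>"""

RULES_AFTER = """<data-extraction-rules>
  <cloud-backup><exclude domain="file" path="accounts.json"/></cloud-backup>
  <device-transfer><exclude domain="file" path="accounts.json"/></device-transfer>
</data-extraction-rules>"""

if __name__ == "__main__":
    print("before:", unprotected(RULES_BEFORE, SECRETS))
    print("after: ", unprotected(RULES_AFTER, SECRETS))
```

Run it against the rules XML decoded from a release APK to confirm the shipped build matches the source tree.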
