On Tue, Dec 13, 2011 at 4:38 PM, Serkan Ozel <serkano...@gmail.com> wrote: > So I was doing my daily development at work and noticed a Green catlog > line which was made by my Android phone to Picasa > > https://picasaweb.google.com/data/feed/api/user/[MyPicasaUserName] > > Now when you call this link, it'll give you an XML feed which also > includes links to your private photos - give it a try and see if you > guys can confirm me... > > Thanks > > -serkan >
I'm going to assume that if you send this request to picasa it only reveals private photos once you have authenticated, correct? Try pulling this feed from another computer when you haven't logged in, etc... Otherwise I believe it should just being some public feed contents, and it's probably using SSL, correct? (I mean, in DDMS you can plainly see your facebook user name / password combo being sent across as well..) Otherwise this isn't android's fault at all, it's Picasa's, and I somehow highly doubt they have that big of a security hole... Kris -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
