Thank you guys,

I think it was a stored cookie which made me believe that the links
were still reachable even though I was logged off.

Sorry for the sirens.  Case closed :/

-serkan



On Dec 13, 4:44 pm, Kristopher Micinski <krismicin...@gmail.com>
wrote:
> On Tue, Dec 13, 2011 at 4:38 PM, Serkan Ozel <serkano...@gmail.com> wrote:
> > So I was doing my daily development at work and noticed a Green catlog
> > line which was made by my Android phone to Picasa
>
> > https://picasaweb.google.com/data/feed/api/user/[MyPicasaUserName]
>
> > Now when you call this link, it'll give you an XML feed which also
> > includes links to your private photos - give it a try and see if you
> > guys can confirm me...
>
> > Thanks
>
> > -serkan
>
> I'm going to assume that if you send this request to Picasa it only
> reveals private photos once you have authenticated, correct?  Try
> pulling this feed from another computer when you haven't logged in,
> etc...  Otherwise I believe it should just be some public feed
> contents, and it's probably using SSL, correct?  (I mean, in DDMS you
> can plainly see your Facebook user name / password combo being sent
> across as well..)
>
> Otherwise this isn't Android's fault at all, it's Picasa's, and I
> somehow highly doubt they have that big of a security hole...
>
> Kris
