#27904: Tor Browser for Android does not protect master password screen with FLAG_SECURE --------------------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-mobile, tba-a3 | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+-------------------------- Changes (by sysrqb):
* keywords: tbb-mobile => tbb-mobile, tba-a3 Comment: Hrm. Interesting. We need to enforce setting FLAG_SECURE within more parts of the app. We enable it in the browser context (https://gitweb.torproject.org/tor- browser.git/tree/mobile/android/base/java/org/mozilla/gecko/GeckoApp.java?h =tor-browser-60.2.1esr-8.5-1#n1077) but we don't set it anywhere else (such as when we switch to the preferences menu). We should enable this for every Activity. Ideally, I'd like a pref where the user can toggle it (similar to Signal) - upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1314776 -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27904#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs