As the title say, a bug which has been confirmed to be around for 7 years leaks the google account password as well as the 2FA code -if enabled-.

Steps to reproduce the behavior:

  • Open MicroG Settings
  • Add a Google account
  • Login with your Google account
  • Check logcat with adb logcat | grep GmsAuthLoginBrowser

Therefore, through logcat is possible to see the password, which is a gigantic security hole. This happens even without root.

Is also important to underline that microG per se has security problems.

For more information about the bug, see here.

  • SeerLite@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    3 years ago

    Don’t you need access via adb and have debugging options enabled to even see the logcat?