Is there a security vulnerability in the Xamarin account store?

RobClotherRobClother GBUniversity ✭✭

In Android, the AccountStore class is inherited by the concrete class AndroidAccountStore. In the reflected code, the implementation in all projects contains the line:

`private static readonly char[] Password = "<Redacted>".ToCharArray();`

I believe this means that any other app that knows the name of my app can access my user’s account details from a Xamarin app they have written. The password, though redacted here, is effectively public, and this means that I can’t store a user’s confidential details on their device without them being discoverable by other Xamarin apps on the device.

Posts

  • AlezhukAlezhuk USMember ✭✭

    That's very interesting and I'd like to investigate that behave. Any answer from Xamarin team about this feature?

Sign In or Register to comment.