Security flaw for HTC Desire

philjack

When using 1password's auto-login function to connect to a webpage from my HTC Desire the time-out feature appears not to work if the phone is switched off from that webpage (ie the webpage is not manually closed). The time-out is set to 10 minutes.



When switching the phone back on (in this case after being idle overnight), the 'Go back' button on the front of the desire allows you to back page to all the stored 'logins' and use them. I have repeated this exercise twice.



Obviously a security flaw if the phone were misplaced.



Otherwise a great app!

GeneY

Hello philjack,



Thank you for the good words about 1Password for Android and for the important feedback.



As it stands today, locking feature is available on all pages except autologin console.

All other pages are automatically locked after a predefined interval or locked once the application goes into the background.Web view used for autologin doesn't lock, therefore,I do recommend you to return to the application and not to leave the application on the login page.

I will be doing a change in one of the next versions to account for that.



Best regards,

Gene

Android developer





[quote name='philjack' timestamp='1304124251' post='25934']

When using 1password's auto-login function to connect to a webpage from my HTC Desire the time-out feature appears not to work if the phone is switched off from that webpage (ie the webpage is not manually closed). The time-out is set to 10 minutes.



When switching the phone back on (in this case after being idle overnight), the 'Go back' button on the front of the desire allows you to back page to all the stored 'logins' and use them. I have repeated this exercise twice.



Obviously a security flaw if the phone were misplaced.



Otherwise a great app!

[/quote]