[Widgets] Possible to see any note content with passcode active #1445
Comments
@pachlava (Hey there sir!!). I'm not sure there's anything we should do on this one, since we can't add a passcode to the widget, and the user has to willingly set it up first. IMHO we should probably close this one, WDYT?
@jleandroperez Hey! 👋 I agree this is an edge case, and I'm good with having it closed, just wanted to communicate about this case and be sure it's not something critical. Thanks!
Thank you sir!!
An important point about widgets:
https://forums.simplenote.com/forums/topic/security-flaw-in-widgets/?view=all#post-1440
Can we add a "Not displayed in Widgets" switch to every note's settings? In this way, the notes that we don't want to show can be filtered out. Or can we make the widget look like it does before login? If the app has a password set, just show the text "Tap in to see your notes". The last method is much easier than the first. I think it's very important. If password-protected notes can be seen, then the password feature will be meaningless.
I'm not exactly sure this is a bug. By adding widgets, the user already takes a step back from their notes' privacy.
Expected
Again, it's hard to say it's definitely expected. This is something that wasn't an option before.
If the user has a passcode active, previously it meant that notes can't be viewed without knowing the password. Now it's possible with widgets.
Observed
The Note widget allows changing the note selected for display without asking for the passcode (the first seconds just show that the app has a passcode active): IMG_3626.MP4
Reproduced
Note
widgetNote
widget (and see the note), which bypasses the need to enter a passcode to see the note.