Day One Android Application Vulnerability Report
-
Dear Day One Security Team,
I am a researcher with a primary focus on mobile security. I have identified a potential security vulnerability while using Day One. I believe this issue may pose a risk to the protection of user data, and I would like to promptly share my findings with you to help enhance the security of Day One.
Vulnerability Description:
Day One implements a Passcode mechanism to lock the app, but I find the Passcode fails to be invoked when a specific activity is resumed. The vulnerable activity is listed as follows.
ID  Activity
1   PlacePickerActivity
This vulnerability may pose a risk of sensitive data leakage. This activity is allowed to access other activities within Day One without passcode lock protection through various means such as backtracking or clicking.
I hope this issue can be investigated and addressed as soon as possible to improve the application’s security and protect user data. Please contact me for more details or any assistance needed to confirm this vulnerability.
I look forward to your prompt response!
Sincerely,
A researcher
-
Thanks for reaching out to us! Please share any security reports on https://hackerone.com/automattic so the appropriate team can take action on them.
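
The report above describes a passcode check that one activity skips when it is resumed. As an added example (not part of the original messages and not Day One's code), one way to avoid per-activity gaps is to enforce the lock from a single process-wide lifecycle callback instead of from each activity; PasscodeGate, lockScreen and markUnlocked are hypothetical names, and the app's existing passcode screen is assumed to call markUnlocked() after a successful check.

```kotlin
import android.app.Activity
import android.app.Application
import android.content.Intent
import android.os.Bundle

// Added example with hypothetical names; not code from the Day One app.
// Register once in Application.onCreate():
//   registerActivityLifecycleCallbacks(PasscodeGate(<lock screen class>))
class PasscodeGate(private val lockScreen: Class<out Activity>) :
    Application.ActivityLifecycleCallbacks {

    @Volatile private var unlocked = false   // a fresh process always starts locked
    private var startedCount = 0             // number of currently visible activities

    /** Called by the lock screen after it has verified the passcode (assumption). */
    fun markUnlocked() { unlocked = true }

    override fun onActivityStarted(activity: Activity) { startedCount++ }

    override fun onActivityStopped(activity: Activity) {
        startedCount--
        // No visible activity left and not a rotation: the app went to the
        // background, so the next resume must ask for the passcode again.
        if (startedCount == 0 && !activity.isChangingConfigurations) unlocked = false
    }

    override fun onActivityResumed(activity: Activity) {
        // Runs for every activity in the process, including ones added later,
        // so no screen can miss the check by forgetting to call it.
        if (!unlocked && !lockScreen.isInstance(activity)) {
            activity.startActivity(
                Intent(activity, lockScreen).addFlags(Intent.FLAG_ACTIVITY_NO_HISTORY)
            )
        }
    }

    // Remaining callbacks are required by the interface but unused here.
    override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {}
    override fun onActivityPaused(activity: Activity) {}
    override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {}
    override fun onActivityDestroyed(activity: Activity) {}
}
```

The lock screen itself has to keep back navigation from dismissing it; otherwise the gate only relaunches it on the next resume.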