Potential Security Bug


(Kieron Hadlington) #1

Hi All,
Not sure if this is an isolated incident; however I updated the Mondo App and it is asking me to re-authenticate using e-mail. I have received the email but not re-authenticated so still get the splash screen, yet when I make a transaction I still get the notification come through. Is this a known issue, if not I thought i’d best bring it to your attention.

Currently running iOS 10 Developer Beta 3 and Mondo App 1.5.3


(Rika Raybould) #2

I would theorise :spy: that it’s one of the services not removing the notification token entry for the device when the app login token is in any way invalidated (through logout or any other form of revocation). The pairing between your account and the APNS token is still there so the notification system keeps sending them. Seen the same issues in other apps.

If true, that uhh… really needs fixing.


#3

Ya. That’s probably a problem with how Apple does notifications. Had this with Snapchat after I had to reinstall it. All the notifications would come twice, one from the old ‘token’ and another from the new one.


(Tristan Thomas) #4

Thanks! We’re aware of this and will be fixing it :slight_smile: For now, deleting/logging in as another user should clear the notification linkage