• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Android App Security Flaw

There is a security flaw in the Identity Safe android app.

I have some notes secured with a vault password for viewing on my PC, but when I open the vault on my android devices, the protected notes are available without the need to enter the vault password.

A note secured by vault password on my PC must remain secured with same protection on android app.

Please fix this design flaw.

Thanks

Andrew

Replies

Kudos0

Re: Android App Security Flaw

When you open Identity Safe on your Android, do you not have to sign in?

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Android App Security Flaw

Yes, but it is also possible to sign in with just a 4 digit pin...

On the PC client version logins and notes have the option to "hide" the display onscreen until vault password is reentered. This stops prying eyes from seeing over your shoulder etc

The android app should work the same way.

Andrew

Kudos0

Re: Android App Security Flaw

I have never set up the PIN entry on my phone. Does that not also hide the numbers as they are input? As long as you are having to log into your vault, either with password or PIN, that is about as secure as you can get. A physical intrusion, ie someone looking over your shoulder can always happen. How can you stop that except to be aware of your surroundings? How can an app protect you from that?

Or are you referring to the ID Safe screen staying available when you switch between apps? The PC version has the vault available from your task bar once it is open, unless you log out. You can also log out of the Android app if that is what you are concerned about.

If I am missing something, please help me understand.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Android App Security Flaw

You can randomize the Keypad which moves the numbers around so they aren't in order, if that will help.

Settings > Vault > Randomize Keypad.  You can still sign in with a Password if you want anyway.

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Android App Security Flaw

I don't seem to be explaining things well...

On the PC version a padlock is displayed when "require vault password" has been selected. To use that login requires re-entry of password.

On the android app this feature is strangely absent and in my opinion a flaw.

If it is deemed relevant on a PC, why is same not available on android? Either remove it from PC or add it to android. Personally I like it and believe it should be included in android version.

Andrew

File Attachment: 
Kudos0

Re: Android App Security Flaw

I see what you mean now. You have to remember that a mobile version of a product will usually not contain all the same features as a PC version of the same product. Mobile devices use much smaller amounts of memory, so it is usually not possible to include all the features offered on a PC.

Having said that, you can always post this as a suggestion in the Product Suggestions forum found here.   https://community.norton.com/en/forums/product-suggestions

Things happen. Export/Backup your Norton Password Manager data.

This thread is closed from further comment. Please visit the forum to start a new thread.