can a Chrome browser plugin steal my Google password? - General Questions and Answers

i am looking for a way to schedule sending emails with my Gmail account. i came across Boomerang for Gmail which does exactly what i need it to. it installs as a plugin for Chrome browser and once installed, when i compose a new email in Gmail account, right next to the "send" button, there is now a new Boomerang send button.
what i need to know is if plugins like these can steal passwords. i know i should have thought about that before i installed it but it didn't occurred to me until after the fact. thanks for letting me know!

if permissions include access to cookies it can
Sent from my GT-I9100 using XDA App

They can easily steal your password if they're active when you type it in, but not after that.
Sent from my GT-P1000 using Tapatalk

As far as I am aware, unless they have some sort of keylogger, they cannot get your password, per-se.
However, (As also mentioned above), if they have access to cookies, they can login in your name. Additionally, some sites have the ability to hook in with google, and get "access" to your account if you approve it.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

i got that prompt to allow or deny access as well.

DarthCaniac said:
As far as I am aware, unless they have some sort of keylogger, they cannot get your password, per-se.
However, (As also mentioned above), if they have access to cookies, they can login in your name. Additionally, some sites have the ability to hook in with google, and get "access" to your account if you approve it.
Click to expand...
Click to collapse
I could quite easily write a Chrome extension that popped up a window with your username and password in it, but it would have to capture them at a login screen, and not with a keylogger.
An extension has access to every control on every page that it is running.
Chrome would tell you, when you installed the extension, that it could access your google username and password though, so it could never do anything without you first allowing it to. Saying that though, there's a lot of people that just click 'Okay' without knowing what they're clicking!

Related

[Warning] the "official" Windows messenger app is leaking your email and password

[Warning] the "official" Windows messenger app is leaking your email and password
Hello all!
I have seen that between 10 and 50 millions people are using the Windows Messenger app by Miyowa on Android.
Just to let you know, this app is leaking your email adress and username in clear text in logcat.
I created in 3 minutes a demo application that "steal" these credentials (and they are not stored in the app, that's just a demo, but if a was a bad guy, I could send that to my own server ;-)
https://play.google.com/store/apps/details?id=com.WazaBe.WindowsCredentials
One the app installed, just play a little bit with Messenger and open my app, it will display these credentials.
So the only advice I could give: uninstall immediatly Windows Live messenger!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
All I can say is WOW!!!
Sent from my SPH-D710 using xda premium
profete162 said:
Hello all!
I have seen that between 10 and 50 millions people are using the Windows Messenger app by Miyowa on Android.
Just to let you know, this app is leaking your email adress and username in clear text in logcat.
I created in 3 minutes a demo application that "steal" these credentials (and they are not stored in the app, that's just a demo, but if a was a bad guy, I could send that to my own server ;-)
https://play.google.com/store/apps/details?id=com.WazaBe.WindowsCredentials
One the app installed, just play a little bit with Messenger and open my app, it will display these credentials.
So the only advice I could give: uninstall immediatly Windows Live messenger!
Click to expand...
Click to collapse
i dont use miyowa msn but some time i use MSN Messenger: Mercury
is some to miyowa? or are diferant thank you
profete162 said:
Hello all!
I have seen that between 10 and 50 millions people are using the Windows Messenger app by Miyowa on Android.
Just to let you know, this app is leaking your email adress and username in clear text in logcat.
Click to expand...
Click to collapse
Uninstalled, thank you for sharing!
That's a serious leak, have you contacted the developer also? Hopefully they fix that soon.
Yes, they seem to have taken my warning seriously.
App has been updated and promised a fix (v2,0,88)
I have currently no time to test it but I guess they did it!

[Q] Can't edit calendar entries from exchange server

Sorry for the several pictures attached, but they will help illustrate the problem.
This is the software version I am using on the phone. I am rooted but otherwise stock.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
and
This is the version of Google Calendar I am using
I have 2 exchange accounts on my Android device. Each syncs calendar entries properly. This pic is of one of the accounts.
However, depending on the manner in which the calendar entry was entered, whether on the phone or using outlook, the notifications differs.
This entry was added using the phone. Notice the "pen" icon in the top right, which allows for editing the entry as well as the general layout of the notification.
Now notice the notification when the entry was made with outlook. It is very different, and does not have the pen icon to edit the entry.
I found the following post (https://code.google.com/p/android/issues/detail?id=13779) which seems to indicate that it is a problem with the primary SMTP address, but I removed, and then re-added the account using the exact address, and the problem persists.
I am at a loss. Anyone have any ideas. I contact my hosted exchange service, and they asked if I had updated my android software to the latest, and then said that, since they have not had many, if any, complaints about it, there was nothing they could do. Now, I am willing to live with it if need be, but I would love to correct this issue.
Update
So, I added the exchange calendar to a different android phone (TBolt) and the entries are now editable.
I then uninstalled, and reinstalled, the calendar app on the problem phone (A Rezound) and the problem is still present.
I also notice that I had two calendar applications. Notice the icons at the bottom of the picture
Perhaps there is some sort of interaction causing the problem. Anyone have any suggestions. Would love to uninstall the older calendar app, but don't see that option anywhere.
I am trying to avoid a factory wipe, and am also wondering if the latest Rezound SW update will cure the problem.
Any ideas?

[APP][4.0+] Obstructer: Obstruct access to your phone's content

Everyone knows that feeling when someone asks to use your phone but you’re scared they’ll go through your phone’s content. Once you give them your phone, they are able to go through everything important to you, including your messages, your photos and emails. Imagine yourself jogging and a child comes up to you and asks to use your phone so that they can find their mother. You give them your phone, and after they call their mother they go through your photos. This is obviously a privacy concern, and it’s a wonder why there isn’t a way to avoid this. Modern day computers have a feature so that when someone asks to use your computer, they can’t go through your personal files, they’re all hidden. You would think that with the way technology is advancing in this day and age, smartphones would have this feature also. That’s why Obstructer was developed, to offer a solution to this problem.
When you first open Obstructer, it prompts you to set it as the default launcher. This is to ensure that the home button is disabled. The user is locked into the app and nothing is accessible, besides the calling feature, of course. When that person is finished with their call, a password prompt opens. When the correct password is entered (“1234” is the default), Obstructer is disabled and your phone is returned back to normal. It is a simple app to use, but helpful in a lot of ways. The free version includes all of these features, and the paid version adds a messaging feature, so that someone can send a message to someone without being able to see your messages. A photo feature is coming soon, so that you’ll be able to show someone one photo without them being able to scroll through your whole photo gallery.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Features​
• Simple dialer app that hides the notification bar, recent apps and disables the back button.​• Password protected so that the user is locked into the app (“1234” is the default).​• Small footprint​
• Full version adds:​o Private messaging service so that your messages cannot be seen.​o Ad free experience.​o Coming soon: Photo viewer so that only one photo can be seen.​
Website: http://www.i-m.co/avanosapp/Obstructer/
Lite version: https://play.google.com/store/apps/details?id=com.mshaw.avanos8.lite
Full version: https://play.google.com/store/apps/details?id=com.mshaw.avanos8.adfree
Email: [email protected]

Question how to bye pass organisation know security

Got this brand new A 32 5g phone. when i try to set it up it says that my organisation can control my device with knox cloud security, it does allow only limited apps via the google play store.
Is there any way to disable this and use your own Samsung account to sign and to restore this from an old backup.
many thanks
PS Just reading about Samsung Frp2020 , will this app help me to bypass
After seeing a youtube video, i have tried the Samsung Frp and use addrom, it allows me to restore from an old back up.
but when i go back it again takes me to the Knox page and asks me to enter my work email address and use ADFS seetings.
can some one help me please.
this is a new phone with no passwords setup currently.
I have done this 3 times and when i dont enter any details in the Knox and keep pressing the back up it gives the option to reset the phone and when i reset the phone i am back at square one.
i have just seen that it has intune security embedded into the phone. it activates when i am setting up the phone from scratch and wants me to add wifi to complete the setup
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Microsoft Intune to Bypass MFA

			
				
then it takes to the device setup methods which states EMM provider (enterprise mobility management (EMM) provider).
here are some pics for you to have a look.
after taking you the organisation sign in page if you dont put the correct credentials and put any other account detials it doesnot accept this and i have the option to restore the device which sets it back to factory reset.
Hey.
Did you ever find a solution to this?
I have pretty much exactly the same problem with a Samsung Tab S6 Lite and have yet to find a solution that works. Used Odin to flash new firmware and made no difference at all. The Microsoft sign in requirement via Knox Cloud Enrolment is still very much there.
All the articles and software I've found online seem only to relate to bypassing FRP (factory reset prevention) for a Google account.
???

omacp "unsupported browser", what browser?

I've got a Unihertz Jelly 2 with T-Mobile service. It's running Android 11. First thing I did when getting it, about two weeks ago, was disable a bunch of Google-ish apps because I'd mostly like Google out of my life. I know from past experience that I can't disable them all because, eg, play store is too useful for me to do without. I'm afraid I may have caused this issue I'm seeing because of my disable frenzy and I'm hoping someone can help me understand what's gone wrong.
Every couple of days I get these messages from number 2903: "We see your phone does have correct settings to access the internet or send MMS. Settings will be sent to your handset."
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
They are accompanied by notifications from Omacp app:
In Omacp I see requests to install things. When I click the button to do the full install I get a report that the APN installed fine but the "browser" failed:
Afterwards it tells me the browser is "unsupported":
What "browser" is it talking about? I thought it might have been Chrome, which was one of the apps I disabled, but re-enabling Chrome did not resolve this.
Still disabled on my phone: Assistant, Calculator, Calendar, Drive, Duo, Files by Google, Google TV, Keep Notes, Photos, Youtube, Youtube Music.
Not disabled (because I thought it would break stuff, I coudn't, or the warning messages too dire): Android Accessibility Suite, Android Auto, Android System Webview, Carrier Services, Game Mode, Gboard, Gmail, Google, Google Play Store, Maps, Messages, Phone, Settings, Sim Toolkit.
When I get the messages from 2903 for omacp, I need to do the install or MMS messaging does not work. This sort of feels like it should be happening automatically in the background.
I have the same issue. Any resolution on this?
What browser
@neccowafer
Delete Omacp: it's a virus!
The virus may perform the following malware-related activities without your permission:
Periodically scan the phone.
Obtain the phone's contacts.
Complete control of the SMS solution.
Complete control over the phone calls phone.
Changing the malicious web server from which virus files are downloaded.
Creating a lock screen on your device and displaying a third-party website.
Running scripts that collect password and username information for various purposes.
Turning off and/or restarting your device.
This is why removing the OMACP virus from your Android is highly advisable.

Categories

Resources