Hi
I just found an app for my school scheme (which set alarm, notifications about new classes and so).
But I'm curious if such an app can see my login details and what I do in it when I use i.
The rights it asks for is
Identity
Pictures/media/files
So what i'm asking, is what this app more specific can do. As it's some random dude who made it. The app itself is more than great, but I don't want that he have my login details to my school.
Thanks in advance
Login details to what?
sndsnd said:
Login details to what?
Click to expand...
Click to collapse
If I login on the app to my school. Can the app send the data to the "guy" who made the programs with the listed permissions the app use?
So you're asking if some random school app is able to share your login details with the app developer, right? So, I'm asking again, login details to what?
I think that the application is made by some of the students, and every student have its username/pass to login to the school system and see schedules, exams, etc. I think that the developer can somehow collect usernames and passwords.
Oh, then it's dependent on the server and not the application itself. Passwords can be either stored in plain text or encrypted/salted/hashed. I wouldn't worry too much about the admin getting hands on my account on his own server. Bad things can happen if you use the same password for other stuff too - but you should never do it anyway.
Related
..
nikko1000 said:
some idiot at Palringo hacked my IM accounts.....all people who have been hacked, please contact me, so we can try to bring this company down!
195.97.243.239 is the ip address that i tracked down as the hacker, and the first company that shows up on this ip address is
IP address: 195.97.243.239
IP country: United Kingdom
IP Address state: Middlesbrough
IP Address city: Middlesbrough
IP latitude: 54.5728
IP longitude: -1.1628
ISP: Onyx Internet Ltd
Organization: Palringo
BEWARE ALL ANDROID USERS - NEVER EEEEVER USE PALRINGO
- if you got hacked - send my a pm at my youtube account - sleepyboyproduction
(i can't really put my email out.....its too dangerous atm)
Click to expand...
Click to collapse
What makes you think it was someone at palringo that did it?
more detailed explanation
TechnoHippie said:
What makes you think it was someone at palringo that did it?
Click to expand...
Click to collapse
Let me make this more clear for you.... I recently downloaded the palringo app....that comes from palringo....I got a message from my server that says an ip address in the UK has been searching through my accounts. So I tracked them down, and it went straight to palringo. The application stole my account info
@nikko1000
Actually your explanation isn't very clear.
nikko1000 said:
I got a message from my server
Click to expand...
Click to collapse
What server? How did you get this message?
nikko1000 said:
an ip address in the UK has been searching through my accounts.
Click to expand...
Click to collapse
"searching through my accounts"? What does this mean? And what accounts: accounts of IMs that you have connected to your Palringo account?
nikko1000 said:
The application stole my account info
Click to expand...
Click to collapse
What account?
Brut.all said:
@nikko1000
Actually your explanation isn't very clear.
What server? How did you get this message?
"searching through my accounts"? What does this mean? And what accounts: accounts of IMs that you have connected to your Palringo account?
What account?
Click to expand...
Click to collapse
- ok maybe you don't get this...
1. I downloaded palringo on my android phone
2. I got a message saying that i can't log in on the app
3. I went online, and i got a message from my email, saying that there is suspicious activity on several accounts, coming from 1 ip address
4. I looked up the IP address, it went straight to palringo
5. I posted this up, and complained multiple times, and looked up other people having the same problem.
nikko1000 said:
- ok maybe you don't get this...
1. I downloaded palringo on my android phone
2. I got a message saying that i can't log in on the app
3. I went online, and i got a message from my email, saying that there is suspicious activity on several accounts, coming from 1 ip address
4. I looked up the IP address, it went straight to palringo
5. I posted this up, and complained multiple times, and looked up other people having the same problem.
Click to expand...
Click to collapse
So what happens when you try to log into palringo via there desktop app?
You said you were able to check your email - so does this mean your IM accounts that palringo uses are still working?
You didn't answer most of my questions, but nevermind...
Why is it so weird and suspicious to you, that there were connections from Palringo IP, if this is exactly what Palringo should do?
Brut.all said:
You didn't answer most of my questions, but nevermind...
Why is it so weird and suspicious to you, that there were connections from Palringo IP, if this is exactly what Palringo should do?
Click to expand...
Click to collapse
you're still not getting this - they showed that they logged in with their ip address, and changed information on mine, without permission, obviously meaning that they logged in, with the info that was given to them
they showed obvious proof that they were trying to change my password, so i had to recover it through my cellphone
nikko1000 said:
they showed obvious proof that they were trying to change my password, so i had to recover it through my cellphone
Click to expand...
Click to collapse
Please describe the "obvious proof".
unable to log into my account, with my password.....
nikko1000 said:
you're still not getting this - they showed that they logged in with their ip address, and changed information on mine, without permission, obviously meaning that they logged in, with the info that was given to them
Click to expand...
Click to collapse
Yeah, but this is how Palringo works - it connects to services from Palringo servers. So if e.g. someone guessed your Palringo password, then he got access to all your connected accounts and all connections were from Palringo IP.
I mean: that may not be a guy from Palringo, but anyone who got access to your Palringo account.
this is not a random person, my password is practically un-guessable.... its a 20 letter code.... example : XAO352Fs3934HOe93kdj..... and who would have access to my account? i don't share my password, or my cellphone
nikko1000 said:
unable to log into my account, with my password.....
Click to expand...
Click to collapse
1. WHICH Account? Do you mean just your palringo account, or all the IM accounts you are using with it?
Here is my guess of what's happened.
You installed Palringo on your Android device, started up and everything looks normal.
Now ONE (or maybe more?) or your IM accounts is indicating there was some weird activity.
You went to whatever IM account and noticed a bunch of connections from the palringo servers. (This is OK and actually not a problem - as that's how the palringo service works)
Thus - your handheld is probably logging you out and logging you in again over and over - which causes your IM service to think there is a problem when there is not. Either your 3G is going off or your wifi is going off - prolly when you put your phone in standby.
TechnoHippie said:
1. WHICH Account? Do you mean just your palringo account, or all the IM accounts you are using with it?
Here is my guess of what's happened.
You installed Palringo on your Android device, started up and everything looks normal.
Now ONE (or maybe more?) or your IM accounts is indicating there was some weird activity.
You went to whatever IM account and noticed a bunch of connections from the palringo servers. (This is OK and actually not a problem - as that's how the palringo service works)
Thus - your handheld is probably logging you out and logging you in again over and over - which causes your IM service to think there is a problem when there is not. Either your 3G is going off or your wifi is going off - prolly when you put your phone in standby.
Click to expand...
Click to collapse
that is probably what happened.... but how do you explain the fact that my password was changed on facebook, and gmail?
nikko1000 said:
that is probably what happened.... but how do you explain the fact that my password was changed on facebook, and gmail?
Click to expand...
Click to collapse
Good question. It *does* sound like you hacked somehow - but I seriously doubt that anyone at palringo had anything to do with it.
Either someone got your palringo username/password and then changed your passwords to gmail and facebook via that (if you even can) - or you were hacked some other way.
I would take a close look at your home computer (or any other machines you've used lately) and make sure you have no virus / trogans / mailware etc on those because odds are that's actually where the hack happened.
Have you had any luck recovering your facebook and gmail accounts? What a bummer I know how bad that sucks.
So, IP addresses usually point to ISP s... How did you track and identify this organization or individual?
Sent from my Nexus One using XDA App
He bactrack it and now there's going to be serious consequences
.... Hope someone gets this :0
chibixzero said:
He bactrack it and now there's going to be serious consequences
.... Hope someone gets this :0
Click to expand...
Click to collapse
he done goofed
I'm still waiting to see actual evidence.... Otherwise, as they say, pics or it didn't happen.
I've had a GMail account for years, and never once had a problem. I recently got an Android phone, and started getting GMail delivery failures for emails about "acai berry" slimming, which obviously is spam I didnt send. As a developer, I can understand that servers can be hacked, and nothing is perfect.
Earlier in the week I couldn't check my GMail email from my Android phone. I then logged in from my PC & was told there was suspicious activity. I got an access code sent by SMS & reset my password. I then checked the suspicious activity & found 2 accesses to my account from Poland. Definately not me. I still thought someone had hacked the server.
But last night alarm bells started ringing. I was running some API example code in Eclipse through the debugger on the emulator, and saw in the LogCat window some messages about permissions being requested by the app. One of them being requested was "ACCESS_GMAIL_PASSWORD" (may not have been the exact wording - I forgot to make a note of it) but it definately said GMAIL & PASSWORD in the permission name.
Now it was only in the Emulator, which didnt have any personal info in it. But when installing apps from the Marketplace on my real phone, I always check the permissions very carefully & wouldnt have installed anything that requested my GMail password. I cant believe Google would have provided API methods to access my GMail password ? Is this right ? Is it possible for an app to do so without me knowing it has permission to do so ? If its possible, I may have to reconsider using GMail.
Thanks for any feedback.
Well some apps do actually require the Google login credentials. Like appbrain for example. And I've been using appvrain forever with no problem.
Sent from my DROIDX using Tapatalk
Yeah, but shouldn't we be aware of these permissions when we are installing. I know I haven't installed any apps that explicitly said they would access my GMail account.
Well I've checked for the following applications I've got on my phone and that use Gmail password:
- Android Market
- Chrome to Phone
- Gmail
- Google Reader
- GTasks
- Google Maps
and for all of them in the Authorisations list it is clearly written "Use an account authentification information" (I've translated from what I read in French so it may not be the exact wording in English).
So IMO if you use at least Android Market and Gmail application you have inevitably given access to your Gmail password.
On that list I have
- Android Market
- GMail
- Google Maps
All were pre-installed on the phone. Also, I trust the authors of these pieces of software. The problem is my GMail account has been accessed by a spammer sending "Acai berry" slimming emails. I dont think Google would misuse my GMail password for this purpose.
I am more concerned that I have been downloading apps from the Marketplace & one of them got my GMail password. I realise that apps have "Full internet access" when they are ad sponsored, I suspect a rogue app accessed my GMail password & then used its internet access to send the password to a spammer.
I have several apps from sources I dont fully trust, with "Full Internet Access". But I dont have any that asked for Account Authorisation when installed.
Is there any way I can recheck what apps can access my GMail password ?
Thanks.
There is an app on the market called task identifier that should help you out.
Sent from my DROIDX using Tapatalk
Looks exactly what I'm after. Thanks.
gungh0 said:
Looks exactly what I'm after. Thanks.
Click to expand...
Click to collapse
No problem. Good luck with it all.
Sent from my DROIDX using Tapatalk
Hello everybody,
My brother opened his facebook account in the web browser of my HTC Sensation. He did not sign out and his account is still open.
Is there any way of learning his saved password from somewhere in the phone? Maybe from a cookie or registry? I searched a lot but could not find any method for this. I need your help.
Thanks.
Why cant you just go to settings and allow cookies
Sent from my Kindle Fire using xda premium
I did not understand your solution. Can you explain?
What kind of person goes through extreme measures to try and figure out their brothers facebook password?
conqueror3 said:
Hello everybody,
My brother opened his facebook account in the web browser of my HTC Sensation. He did not sign out and his account is still open.
Is there any way of learning his saved password from somewhere in the phone? Maybe from a cookie or registry? I searched a lot but could not find any method for this. I need your help.
Thanks.
Click to expand...
Click to collapse
Any cookies will have encryption on them, so no, you're not going to get your Brother's password.
You have 2 options.
Delete all cookies, therefore deleting your Brother's login to his Facebook account and returning his privacy.
Frape the crap out of him and teach him never to log in and tick "remember me" unless he's happy for everyone else to use the same account.
Personally, I'd go for number 1, but that's just because I'm not someone who takes pleasure in other people's discomfort.
Hello
I'm using LG Optimus Black 4.0.4 - stock rom, rooted.
I want to transfer my company email account from default email application to K-9 email app. But i dont remember the password. Is there any location that we can see the password? I've found wi-fi passwords as plain text. I hope I can read email password too.
dnzksr said:
Hello
I'm using LG Optimus Black 4.0.4 - stock rom, rooted.
I want to transfer my company email account from default email application to K-9 email app. But i dont remember the password. Is there any location that we can see the password? I've found wi-fi passwords as plain text. I hope I can read email password too.
Click to expand...
Click to collapse
Why not reset the password (or click on 'Forgot Password')?
That way you can create a new password, and log in using that. :good:
dnzksr said:
Hello
I'm using LG Optimus Black 4.0.4 - stock rom, rooted.
I want to transfer my company email account from default email application to K-9 email app. But i dont remember the password. Is there any location that we can see the password? I've found wi-fi passwords as plain text. I hope I can read email password too.
Click to expand...
Click to collapse
u can reset the pass.
this is like stealing!!!
immortalneo said:
Why not reset the password (or click on 'Forgot Password')?
That way you can create a new password, and log in using that. :good:
Click to expand...
Click to collapse
what are you talking about? did you understand what i said? ı am using android email application. not web page.
I want to see my password on my phone. I have found that it is stored in a DB file. I need this file's location.
dnzksr said:
I want to transfer my company email account from default email application to K-9 email app. But i dont remember the password.
Click to expand...
Click to collapse
dnzksr said:
what are you talking about? did you understand what i said? ı am using android email application. not web page.
I want to see my password on my phone. I have found that it is stored in a DB file. I need this file's location.
Click to expand...
Click to collapse
Of course I understood you mate. You want to use K-9 email app to manage your company email account, right? But you don't remember it's password. So, the easiest way is to reset the password and set a new one. Then you can enter the new one in the K-9 app and login! Simple. :good:
dnzksr said:
what are you talking about? did you understand what i said? ı am using android email application. not web page.
I want to see my password on my phone. I have found that it is stored in a DB file. I need this file's location.
Click to expand...
Click to collapse
XDA gets very suspicious when someone new signs up to the forum and their first question is about something that could easily be used to obtain hidden information that you shouldn't do.
How do we know that you are not trying to access someone else's email password without their permission?
If this is, truly, for your own work email then just ask the IT department to reset your password - but it is highly doubtful you have really forgotten your work password and sounds dodgy.
I had a similar problem as well. My email password could not be changed, there was no way to recover the password through the provider, and the workaround would have been to wait a few months for the account to be deleted and then reregister. Thankfully, I found the solution with a little googling.
Browse to /data/user/0/com.android.email/databases and copy EmailProvider.db to your computer. Other phones might have their database in a different location. Download and install Sqlite Database Browser from sourceforge.net if you haven't, and then skip down to the sqlitebrowser instructions here:
http://ubuntu42.blogspot.com/2011/11/android-recover-mail-password.html
Decrypt the password
On samsung phones, the passwords in /data/user/0/com.android.email/databases/EmailProvider.db are encrypted. You will need to use the 'samsung-password' decryption tool: lovasoa.github.io/samsung-email-password-decrypt/
SimonTS said:
XDA gets very suspicious when someone new signs up to the forum and their first question is about something that could easily be used to obtain hidden information that you shouldn't do.
How do we know that you are not trying to access someone else's email password without their permission?
If this is, truly, for your own work email then just ask the IT department to reset your password - but it is highly doubtful you have really forgotten your work password and sounds dodgy.
Click to expand...
Click to collapse
O STF up do you know how many emails i have? No But i'll tell you 2 personal 3 for work a spam and 2 for shopping not everyone likes using one or two emails for 700 things. you know how hard it can be at times to remember passwords... tell me haven't forgotten a password and wish you could just recover it without having to fight to reset it. sometimes it's not as simple as yahoo where you don't even have to be the owner of the ****ing email to to reset it. Not only that but again he has it on his old phone trying to put it on his new phone or switch apps to something simpler... i'm with him i have about 4 phones with emails on them i don't even remember making... so NO actually he sounds like a legit worker that is tyring not to a piss off the I.T. guys by giving them more **** tastic jobs that we just loving doing. because it's not like we don't have More pressing matters to attended to like fixing your printer that people like to over cram so they have to refill it less often. or constantly keeping you in work by repairing your computers that crash on you well you are doing graphs and slide shows. we would love to stop all that to reset your password you should have put in a secure place to begin with.
Scornedlodas said:
O STF up...
Click to expand...
Click to collapse
TLDR...
Did you really create an account just so you could respond abusively to my post from 4 1/2 years ago? Srsly?
immortalneo said:
Why not reset the password (or click on 'Forgot Password')?
That way you can create a new password, and log in using that. :good:
Click to expand...
Click to collapse
maybe can you contact customer service?
https://images.app.goo.gl/hb7wgTc3ska4xGQg8
Sent from my OnePlus7Pro using XDA Labs
To make it as simple as possible:
I registered my accound and bound it to certain gmail address that I use for basically everything.
When I log in using my ACCOUNT NAME, it redirects me to this account. But when I use GOOGLE+ login form, it logs me into some wierd new account called bill pap CLICK ME, despite the fact that my gmail is bound to Amadeusz90.
What is going on, did somebody try to hijack my mail/XDA account? How the hell do I get redirected to some weird account while using my own e-mail?
Can you give it a look, XDA team? Thanks in advance.
Amadeusz90 said:
To make it as simple as possible:
I registered my accound and bound it to certain gmail address that I use for basically everything.
When I log in using my ACCOUNT NAME, it redirects me to this account. But when I use GOOGLE+ login form, it logs me into some wierd new account called bill pap CLICK ME, despite the fact that my gmail is bound to Amadeusz90.
What is going on, did somebody try to hijack my mail/XDA account? How the hell do I get redirected to some weird account while using my own e-mail?
Can you give it a look, XDA team? Thanks in advance.
Click to expand...
Click to collapse
Hello,
It seems like your browser is at fault. Try a different one or clear cache and try again.
Regards
Vatsal,
Forum Moderator.