Potential security issue on android tablet


SkilfulPoker
  • Priority: No Priority Status: Closed (won't fix)

The tablet demo'd is: 

Samsung S8 Ultra 5G

Software on tablet OS last update: 8th March 2024

Samsung One UI Version 6.0

Android Version 14

 

Bug is that when you exit the app, by swiping up and leaving Unibet, the app closes and is no longer present as a background app running, however when you re-open it, it doesn't ask you for a user name or password, so if you have exited the app, and leave your tablet unlocked, anyone can open Unibet with full access to your account.

Video to demo below (in the video there is 1 background app running but that is the screen recorder; when you click background apps, Unibet isn't listed after you have closed it, despite it bypassing the login screen when you reopen it).

 

Video demoing attached to this report.

 


User Feedback

Recommended Comments

I would say thank god for not needing to type username & pw every time you exit and re-enter app.

Just don't leave your apps and devices lying around unlocked so someone can take advantage of it.

  • Like 1

Thanks for the report, @SkilfulPoker!

As @Livertool says above, it'd be a nightmare if minimizing the app would kill your session instantly. The same could be said if you are using the website on your PC but then switch to a different tab in the browser; should we then kill the session as well?

The session is killed eventually, when the idle logout time is reached, and this is generally how most apps work, for the simple reason that people switch between apps a lot and there's no security issue as long as you're eventually logged out due to inactivity 🙂

  • Like 1

1 hour ago, Stubbe-Unibet said:

Thanks for the report, @SkilfulPoker!

As @Livertool says above, it'd be a nightmare if minimizing the app would kill your session instantly. The same could be said if you are using the website on your PC but then switch to a different tab in the browser; should we then kill the session as well?

The session is killed eventually, when the idle logout time is reached, and this is generally how most apps work, for the simple reason that people switch between apps a lot and there's no security issue as long as you're eventually logged out due to inactivity 🙂

Hey Stubbe, just to clarify in case it wasn’t clear: this wasn’t minimising the app (I demoed it in the attached video), it was exiting it. The app was no longer running; I had exited it.

So I hadn’t simply switched to another app or out of the app, but I terminated the app. This is typically how you exit any app on an Android tablet, and the app wasn’t listed as a running background app after doing this.

Here are the gestures/actions I used. The video I attached of the actual error is only visible to Unibet staff I think.

This may well be intended from what you’ve mentioned above anyway, but just clarifying in case of any misunderstanding. 🙂



Call it an issue or not, but true issue is the mobile MTT lobby freezing continuously (Samsung), to which the killing of all apps is a fast cure.
The idle time that remains despite logging out or just killing apps is a bliss, in order to log back in quickly, IMO.
Like said above, good to use the phone's/tablet's screen-lock password for it, if the issue becomes realistically troublesome.
It is a thing that happens, though. Every time.

Edited by Rushbie
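
The idle logout described in the staff reply, and the relaunch-after-exit case the reporter raises, modelled as one server-side session check. This is an added example, not Unibet's code: the timeout value, the `cold_start` flag sent by the app and the per-user `cold_start_reauth` setting are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass

# Assumed value; the thread does not state the real idle logout time.
IDLE_TIMEOUT_S = 15 * 60


@dataclass
class Session:
    user: str
    last_activity: float     # server clock, seconds
    cold_start_reauth: bool  # hypothetical per-user opt-in setting


class SessionStore:
    """Server-side session table keyed by the token the app keeps on the device."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}

    def login(self, token, user, cold_start_reauth=False):
        self._sessions[token] = Session(user, self._clock(), cold_start_reauth)

    def check(self, token, cold_start=False):
        """Return 'ok', 'reauth' (local PIN/biometric unlock) or 'login' (full credentials)."""
        s = self._sessions.get(token)
        if s is None:
            return "login"
        if self._clock() - s.last_activity > IDLE_TIMEOUT_S:
            # Idle logout is enforced on the server, so it applies the same
            # way whether the app was backgrounded or swiped away and killed.
            del self._sessions[token]
            return "login"
        if cold_start and s.cold_start_reauth:
            # App process was killed and relaunched. The flag comes from the
            # client, so treat it as a convenience lock, not the real control;
            # the idle timeout above remains the server-enforced limit.
            return "reauth"
        s.last_activity = self._clock()
        return "ok"
```

With the opt-in off, a relaunch inside the idle window goes straight back in, which is the behaviour shown in the report; with it on, the same relaunch asks for a local unlock without ending the session.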