I just started using eSteem more and more especially very handy when replying or posting comments. However, it is a bit slow and unresponsive at times in iOS but today I am going to share an issue that is kind of a security issue for me.
What Happened As User Experience
-- 1. I was trying to access the Search feature of the app which is available under the context menu of the app on upper right hand corner. You can click on three dots "..." to open is and that's how it looks
-- 2. Suddenly I had to push my Home button on my iPhone to move to another app. I worked on the other item and opened the eSteem App and found the first issue, which is highlighted below. You can that the app asks me to enter Pin Code but still shows the context menu.
-- 3. The issue does not end there because as a security measure I had applied the Pin Code so that no one can use the app without entering the Pin Code that I enabled from settings option of the app. I have access to all four context menu options and most critical one is "Submit a story" button. The other three options aren't of that much severity as the context menu closes and action is applied in the app.
-- 4. However, if you tap/click the "Submit a story" button, you will get to your Submit story form without user entering the Pin Code
Expected Output
The context menu should not be visible if I have not entered the pin code and user should never be able to reach/open "Submit a story" form without entering the security Pin Code to open the eSteem app
Steps to Reproduce the Bug
-- 1. Open eSteem app on iPhone 6 with iOS 11.2.1
-- 2. Enter eSteem app security Pin Code to open your app. Make sure you have enabled the Pin Code under your eSteem -> Settings -> Security option.
-- 3. Click on the three dots "..." on upper right hand corner of the app to open the context menu. It will open the Context Menu with four options.
-- 4. Press the home button of your iPhone 6 to minimize/hide the eSteem app tocome to home screen of iPhone 6
-- 5. Open the eSteem app again.
-- 6. Issue 1: The Context menu is visible with all 4 options with Pin Code pad below. User can select any option now.
-- 7. Issue 2: While the first three options only closes the context menu and have effect inside the app. Clicking on "Submit a story" option opens up the Submit a story form and user will be able to submit the story without entering the security Pin Code. To me it is kind of a security issue that any one can have access to your phone while the eSteem app is minimized or hidden and if he opens the app in this condition, he can go ahead and submit a story without you knowing it.
Pictures / screenshots of the app are shared above. Let me know in case any other input is required to reproduce the issue.
Environment Details
Phone: iPhone 6
Operating System: iOS 11.2.1
Posted on Utopian.io - Rewarding Open Source Contributors
you have well explained your point of view your contribution is approved.
You can contact us on Discord.
[utopian-moderator]
Thanks a lot !! I appreciate you understanding it and approval of it. I will keep up the efforts to improve further.
Enjoy the vote and reward!
thank you :)
Good One Dheeraj :)
i don't have a password so can't comment on security thing however this slow and going unresponsive is quite irritating. M on move most of the times so using app extensively and would be great if these issues gets fixed.
Yeah Sanchit, it indeed is and well I am sure that @good-karma would be working very hard to get it right. I saw one post where lots of updates are going to be coming our way in 2018 with even new UI. Looking forward for it to get stabilize and more robust.
Your contribution cannot be approved yet. See the Utopian Rules.
your contribution is very similar to this one
https://utopian.io/utopian-io/@thegoldenphoenix/esteemapp-a-serious-security-bug
You can contact us on Discord.
[utopian-moderator]
@thegoldenphoenix, with due respect, the contribution you are suggesting is for different app and different behaviour while this is a bug in eSteem Mobile app not Steemiz Post Reward.
wrong link sorry for that @devilonwheels this is the correct link
https://utopian.io/utopian-io/@thegoldenphoenix/esteemapp-a-serious-security-bug
Hmm, I see your point in this one. However, the steps to produce the two issues to me are still different and they are on different platforms.
Every bug is different IMHO in case the steps required to produce the bugs are different. In your video you are by passing the pin code in Android app if I understand correctly but in my case first of all it is UI bug that context menu did not even close even after closing the app. Then, without entering or pressing back button I was able to access the whole context menu. I reported another one that has similar behaviour to start with but then freez the app altogether in iOS.
Again, I will leave it to your best judgement you being a mod but as I said in bug category I do believe unless the steps to reproduce any bug are not the same, it should not be considered same and that too on different platforms.
Hey @devilonwheels I am @utopian-io. I have just upvoted you!
Achievements
Suggestions
Get Noticed!
Community-Driven Witness!
I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!
Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x