[WARNING-Update:Solved] Xfinity Mobile (Comcast) exposes password in system log
This post is regarding the Xfinity Mobile app: https://market.android.com/details?i...cast.ottclient
My system log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager". I read the log using aLogcat (app available in the market). Open aLogcat, press menu and filter for "password". After I clear my log (using aLogcat) that line reappears even when I haven't used the Xfinity app. I don't use my comcast credentials in any other app.
To try and resolve this I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure. I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.
I posted this issue here: http://forums.comcast.net/t5/Mobile-...og/td-p/872295
. A Comcast employee responded to say they will investigate this issue and fix it within a few weeks. In the mean time, you may want to uninstall the Xfinity Mobile app
and change your Comcast password, or at least do not share your system log with anyone (in bug reports for example) if you have Xfinity Mobile installed
This may not be the only app that exposes sensitive information in the system log, but this is the only password I have found exposed.
I have a Motorola Droid running stock Android 2.2.
UPDATE - As squiddy20 pointed out, Comcast has updated their app to 2.0.2. They include instructions to clear the app data as part of the upgrade, but that may be unrelated to this issue. In any case, I cleared the app data and installed the update, and my credentials no longer show up in the log. As far as I can tell, they have completely resolved this issue.
If the problem persists for anyone else, be sure to post that here and on the Comcast forum.