Zappl Ios Posting Pass Leak!
Please discontinue your use of the Zappl IOS app.
Encoded username and password are being sent to the server. Zappl IOS currently has an issue with the encoded passwords that are stored in your device being sent to the server. Normally its only supposed to send a session to the server.
Normally zappl works by storing your passwords in the browser or device and it sends a login session to the server. But instead its sending the username and password which it isn't supposed to being doing.
Our servers have not been breached and we have file shredded the node logs but just in case you feel the need please reset your posting keys.
We have taken the IOS app out the app store, but it will take some time to come down. So please let people you know for the time being to wait for the new update.
We are working as fast as possible to fix the issue. Any fixes we upload can take up to 8 days for the review process to go through. But on average it takes about 12hours - 2days.
To reset your posting private key password you can use https://steemit.com/@usernames/password
You can also use the trusted desktop wallet vessel https://github.com/aaroncox/vessel
thanks for the latest information, I really appreciate the hard effort of the zappl ,, and I will mention this information to people I know ..thanks
Thanks for spreading the information.
yes, equally .. so there are few complaints of people who use zappl application, they say directly to me ,, what they say is about the increasingly reduced Upvote ,, so what I want to ask on zappl is ,, can zappl provide Upvote a little more than usual.?
That's based on SBD value, With btc price crashing its going down more and more. The reason its not a 1% upvote anymore is because we have thousands of users and those were only the rates at the start of the app.
We allowed people to abuse the first two days. We figured out their tricks and learned abuse methods to not reward abusers. Average voting is now 0.5% upvotes but with the price getting lower and lower we will look into raising it for the difference.
Zappl will not be paying everyone on every posts.
Why is there a problem with the encoded password stored on the device?
Can this cause problems with user accounts ??
Please explain in detail so we can understand ..
Thank you
We added a more detailed explanation in the post what it means.
thanks for the latest information, I really appreciate the hard effort of the zappl ,, and I will mention this information to people I know ..thanks
I hope this change does not complicate the application users zappl ,.
It shouldn't have any effect people should just wait for the next update before use.
this may be a big problem. password issues. thanks for letting us know quickly, so we can stop it quickly
The issue was caught early so almost it would effect around 20-35 or so users who downloaded it. But just to be clear no passwords have been stolen.
Thank goodness if the password is secure. thank you once again for being so quickly told
Resteemed for visibility. Thanks for the alert
Thanks
Well received. Thanks for heads up.
Ok thanks sir
This seems to be a regular occurrence with your platform. I don't think I will be using it anymore.
These issues are different than the one before, the last issue was a possibility of the node storing encrypted passwords if a node was down in the error file. This issue is encoded passwords being sent, android and website don't do this. So this is likely a developers version that was uploaded to track on their side.
Zappl is in beta and the ios app just came out there hasn't been much testing of the application. More than one of the apps in the community have had security issues as well so. This isn't just a Zappl issue other applications that have had security issues or patches.
Good information,, l like your post @zappl
thanks to Zappl who has shared the latest information, one thing I want to ask Zappl ,, how to share post when zappl app slows down, can we make post in different app to get votes from Zappl.. ? thanks