Luke 42674 Posted January 13 Posted January 13 Quote In that previous thread, @Luke mentioned that Emby should automatically time out after 10 minutes, but that's not working as intended. Hi, what app version number have you tried with?
Tigga5 42 Posted January 14 Author Posted January 14 14 hours ago, Luke said: Hi, what app version number have you tried with? I've tested multiple Android releases up to the current Play Store release of 3.5.16, and the PIN bypass via the Home button issue is present in all of them.
Tigga5 42 Posted yesterday at 10:18 AM Author Posted yesterday at 10:18 AM (edited) @Luke Any plans to address this now that it's been over 8 months since it was first reported? This is still a critical security gap on v3.5.36. The app isn't forcing a re-authentication check when resuming from the background via the Home button, completely breaking user profile isolation (and making it trivial for kids to access admin/parent profiles). Can we get an update on fixing the resume/focus lifecycle hooks for the Android app? Edited yesterday at 10:18 AM by Tigga5
Luke 42674 Posted yesterday at 01:55 PM Posted yesterday at 01:55 PM Hi, it should after a few minutes if you set the startup option to show login screen.
Tigga5 42 Posted 4 hours ago Author Posted 4 hours ago 20 hours ago, Luke said: Hi, it should after a few minutes if you set the startup option to show login screen. We've been over this for 8 months, and it's clear you're just dismissing the problem since security apparently isn't a priority for Emby. That is absolutely not how the app behaves and the issue is trivial to reproduce. Why are you so adamantly against fixing a basic security flaw that leaves restricted profiles completely exposed? It is extremely odd that you would rather shove your head in the sand and pretend a reproducible PIN bypass doesn't exist than take a few minutes to actually fix it. The worst part is this isn't even the first time you guys have completely ignored account security and PIN issues like this. This lackadaisical attitude toward fundamental and basic account security is absolutely insane.
Luke 42674 Posted 43 minutes ago Posted 43 minutes ago How have you configured the startup option in the app?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now