(Android) HockeyApp authentication can be skipped using hardware back button

Question

(Android) HockeyApp authentication can be skipped using hardware back button

Opened this issue 7 years ago · 7 comments

react-native 0.41.2
react-native-hockeyapp 0.5.1

Unexpected behavior:
We use the HockeyApp authentication type = 2 (emailPassword). After installing our app and launching it, the HockeyApp authentication screen is presented to the user. Users on an Android device can skip the HockeyApp authentication using the hardware back button and this will take them directly to our app. We also discussed this with the HockeyApp team and they suggested we change the HockeyApp SDK version to their latest (4.1.3) but this has not made the issue go away.

Expected
It should not be possible for a user to skip the HockeyApp authentication. Maybe an idea is to disable the hardware back button when the HockeyApp authentication screen is up or to exit the app when the user hits the hardware back button.

Answer 1 · 2017-05-03T23:13:11.000Z

Hey,
I replied to you in the HockeyApp support, but I wanted to post my response here, too.

We were finally able to reproduce this. The change was merged in develop of our Android SDK just now. Unfortunately, it'll be a few weeks until we release 4.1.5 of the Android SDK as we just released 4.1.4 and we are quite busy working on Mobile Center. That said, we might release 4.1.5 earlier, we just don't know.
Thanks a lot for bearing with us.

Best,
Benjamin

Answer 2 · 2017-05-04T02:54:37.000Z

Thank you Benny. We'll proceed as you suggested

Answer 3 · 2017-05-11T21:02:22.000Z

Benny,
Is there a way that you can accelerate the delivery of a patch to address the issue? We are running several pilots of our mobile app and at the moment when it comes to Android users/devices we faced TWO MAJOR ISSUES:

Users that are part of our test pool can copy the apk from their file system on the device and send it around and anyone can basically use it and we have no control and no visibility on this
Since users can skip the authentication, we can't trace crash reports and other analytics to specific users.

Thank you in advance

Answer 4 · 2017-05-12T10:30:53.000Z

@devmaster72 I completely understand. I'll let you know at the beginning of next week what the ETA for the 4.1.5 release is. We're trying to be as quick as possible.

Thx for your support and understanding.

Answer 5 · 2017-08-19T20:07:06.000Z

@TroubleMakerBen do you have an update on the ETA of 4.1.5? thank you

Answer 6 · 2017-08-29T17:20:13.000Z

@ER1011 That was released weeks ago. We're at 5.0.0-beta.1 now.

Answer 7 · 2017-09-23T22:43:47.000Z

Thank you @TroubleMakerBen, we just upgraded to HockeyApp SDK 5.0.1 and I can confirm the problem is gone