Feb 15

Before you panic, you should know that this isn't a huge deal, and Comcast is aware of the situation and has promised a fix "within a week or two." There, feel better? Good, because if you use the XFINITY app, any other app that has permission to read logs (aLogCat, for example) can read your Comcast username and password.

The details, courtesy of aBSuRDiST, who discovered the issue:

My system log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager". I read the log using aLogcat (app available in the market). Open aLogcat, press menu and filter for "password". After I clear my log (using aLogcat) that line reappears even when I haven't used the Xfinity app. I don't use my Comcast credentials in any other app.

To try and resolve this I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure. I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.

It looks like the frequency of output can be toned down and even controlled (to an extent) by making sure you don't have the app set to log in automatically and don't have it remember your credentials. Once you uncheck those options, it only outputs your information when you log in.
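A defender-side check for the leak described above, as an added example that is not from the original article or from Comcast: it scans a saved log dump in logcat's brief format (the `D/HTTPManager` prefix style quoted in the report) for credential-bearing XML elements and reports them with the values masked. The sample log is constructed, and the element names beyond `userName` and `password` are assumptions.

```python
import re
from collections import Counter

# Android "brief" logcat format: PRIORITY/TAG( PID): message
LINE_RE = re.compile(r"^([VDIWEF])/([^(]+?)\s*\(\s*(\d+)\):\s?(.*)$")
# userName/password come from the report; passwd and token are assumed variants.
SENSITIVE = ("password", "passwd", "userName", "token")
ELEM_RE = re.compile(r"<(%s)>(.*?)</\1>" % "|".join(SENSITIVE), re.IGNORECASE)

def mask(match):
    """Keep the element name, drop the value, so findings are safe to share."""
    name, value = match.group(1), match.group(2)
    return "<%s>[REDACTED len=%d]</%s>" % (name, len(value), name)

def scan(log_text):
    """Return (findings, per-tag counts) for lines carrying credential elements."""
    findings, by_tag = [], Counter()
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a brief-format line (e.g. a "beginning of" banner)
        prio, tag, pid, msg = m.groups()
        # Empty elements carry no secret, so they are not reported.
        hits = [h.group(1) for h in ELEM_RE.finditer(msg) if h.group(2)]
        if hits:
            by_tag[tag] += 1
            findings.append({"line": lineno, "priority": prio, "tag": tag,
                             "pid": int(pid), "fields": hits,
                             "masked": ELEM_RE.sub(mask, msg)})
    return findings, by_tag

# Constructed sample dump; the HTTPManager line reuses the report's placeholders.
SAMPLE = """\
--------- beginning of /dev/log/main
I/ActivityManager(  102): Starting activity: Intent { cmp=com.example/.Main }
D/HTTPManager( 2311): <request><userName>MYUSERNAME@comcast.net</userName><password>MYPASSWORD</password></request>
D/dalvikvm( 2311): GC_CONCURRENT freed 312K, 48% free
W/HTTPManager( 2311): retrying, <password></password> was empty
"""

if __name__ == "__main__":
    results, counts = scan(SAMPLE)
    for f in results:
        print("%(line)d %(priority)s/%(tag)s pid=%(pid)d %(fields)s %(masked)s" % f)
    print(dict(counts))
```

Grouping findings by tag points to the component doing the logging, which is the part a developer needs in order to strip the statement from release builds.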

aBSuRDiST took this information to the Comcast forums, and an employee took notice:

[Image: xfinity_oops]

In the meantime, be wary of your settings and logins - or if you're tin-hat paranoid, just uninstall it. Then again, if you're tin-hat paranoid, you probably don't have a cell phone...

[Source: XDA-Developers, Comcast]

Aaron Gingrich
Aaron is a geek who has always had a passion for technology. When not working or writing, he can be found spending time with his family, playing a game, or watching a movie.

  • James

    While it may not be a big concern for most, I believe it shows Comcast's inexperience in the whole streaming media market. I have been researching into the live TV streaming app that Comcast boasts, and haven't found much that hasn't been done before. I am a DISH Network subscriber/employee, and am able to remotely stream live TV, on demand content, and all my DVR content anywhere!!

  • godsfilth

    uninstalled and marked as defective

  • http://schpydurx.livejournal.com ProfessorTom

    I wonder if the iOS version of this app suffers from the same problem.

  • Jsbrne

    The latest update solved this issue.
    Guys,
    Update the App and now you will not be seeing your passwords exposed.
