Privacy Vulnerability: with the ERA tool you can view another developer's Beta/Unpublished App names

By utilizing another developer's developer guid which can be found in the URL of their public facing connect iq app page, you can plug that into the ERA reporting tool to view the names of all of that developer's apps. This includes the Beta and unapproved apps.
While the error reports are still locked behind the developer key, the names are public. Beta app names are not normally public and are not advertised to developers as being public.
This could be used to see what apps are being worked on before they are ready to be announced or released.

BowersPowers

Parents

jim_m_58 8 days ago
The 8.2.2 SDK is out and the only thing ins the release notes is this. Does it solve this issue?

v8.2.2
General Changes

Update ERA viewer to only show apps which have valid keys in "Manage Apps" window.
- Cancel
- Up 0 Down
- More
- Cancel

Comment

jim_m_58 8 days ago
The 8.2.2 SDK is out and the only thing ins the release notes is this. Does it solve this issue?

v8.2.2
General Changes

Update ERA viewer to only show apps which have valid keys in "Manage Apps" window.
- Cancel
- Up 0 Down
- More
- Cancel

Children

No Data