Sunday, December 9, 2018

TeachX Mobile App - No User Permission Prompt When Accessing the Camera Roll

TeachX Mobile app for iOS (version 1.0.4)
Date: 12/10/2018

Description:

The TeachX app does not prompt the user permission's to access the camera roll. This happens if the user selects the camera or camera roll option from messages area.

While I believe that this is allowed for profile pictures, I do not believe that this is allowed in any other area of an app.

This is easier to show than it is to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the TeachX Mobile app
2. Create an account - approve the EULA
3. Once inside the app, select "Messages"
4. Click on the top right hand of the screen for a "New Message"
5. Enter in a letter, choose any person
6. Click on the button below the garbage can
7. Select either the camera or camera roll option

Result: The TeachX Mobile app opens up and has access to the camera roll without a permission prompt to the user

Expected: The TeachX Mobile app should display a permission prompt to the user before accessing the camera roll

As you can see, no access is indicated on the permissions screen.

Select the Messages option, and send a message. I sent one to myself, so as to not bother regular users...

Click the option in the bottom left hand corner of the screen. Select either the camera icon, or the camera roll icon...

Access to camera roll without read permission asked for, or granted.


Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)