

Trello for Android Stores Your Password in Cleartext - yareally
https://twitter.com/yarlyyyy/status/309221063659761664

======
yareally
Link shows images of it that I captured with a throwaway account, but it was
discovered by <https://twitter.com/JBird_Vegas/status/309213249763692546>.
Trello has replied that they are going to fix it.

One has to be rooted to see it (since /data/ is not world readable by
default). However, an exploit isn't going to have that same issue or anyone
running a rooted device.

If there's anyone running Trello for iOS and has a jailbroken device, I would
be interested to know if it's also cleartext on there.

~~~
JBirdVegas
What bothers me is if they have my password how many other Google
authenticated apps also have it?

------
JBirdVegas
The password caching was removed and a fix pushed this morning (v1.3.33).
Fogcreek team should be commended the fix came less than 7 hours after being
made aware of the bug.

Well done Trello!

Reference: <https://mobile.twitter.com/hamidp/status/309303911150395392>

