Skip to main content

CyanogenMod developers remove code that logged device screen-lock patterns

posted onOctober 24, 2012
by l33tdawg

The development team of CyanogenMod, a popular community-built Android firmware, discovered and removed a line of code that posed potential security risks because it logged and stored device screen-lock patterns in a file.

The unwanted line of code was added back in August in CyanogenMod version 10, which is based on Android 4.1 (Jelly Bean), as part of a new feature that allowed the size of the lock screen's dot grid to be configurable -- for example from the default 3x3 size to 6x6.

"The line of code has been introduced by a respectable member of the Cyanogen community and I don't suspect it has been added with malicious intent," Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, said Tuesday via email. "Most probably, it is a snippet of code used during debugging and forgotten when committing the code."

Source

Tags

Cyanogen Software-Programming Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th