One has to be rooted to see it (since /data/ is not world readable by default). However, an exploit isn't going to have that same issue or anyone running a rooted device.
If there's anyone running Trello for iOS and has a jailbroken device, I would be interested to know if it's also cleartext on there.
The password caching was removed and a fix pushed this morning (v1.3.33). Fogcreek team should be commended the fix came less than 7 hours after being made aware of the bug.
3 comments
[ 4.6 ms ] story [ 15.4 ms ] threadOne has to be rooted to see it (since /data/ is not world readable by default). However, an exploit isn't going to have that same issue or anyone running a rooted device.
If there's anyone running Trello for iOS and has a jailbroken device, I would be interested to know if it's also cleartext on there.
Well done Trello!
Reference: https://mobile.twitter.com/hamidp/status/309303911150395392