blixt-wallet icon indicating copy to clipboard operation
blixt-wallet copied to clipboard

Published 20 hours ago verified publisher icon hsjoberg

Android keyboard stores seed phrase

Open softsimon opened this issue 2 years ago • 2 comments

Upon restoring my wallet for the second time I noticed that the Android keyboard started to predict and fill in all my seed words in order. This is a security flaw.

Expected behavior:

The seed phrase box should not have the default keyboard auto complete enabled that stores what you type.

softsimon avatar Nov 25 '21 04:11 softsimon

The default keyboard should not be used at all. Those might be any keyboard with features that even send all you write to some servers.

Giszmo avatar Feb 07 '22 04:02 Giszmo

Agree, I think creating Blixt Wallet's own software keyboard component in react-native with Views could work.

The text should be shown in a Text instead of a Textarea.

hsjoberg avatar Feb 18 '22 14:02 hsjoberg

Addressed in 5805b9b1d38b4c1ed3c099348a6dae24b1cbb0c9.

In-app keyboard would be nice, maybe at a later time.

hsjoberg avatar Sep 22 '22 17:09 hsjoberg