Solved

Security breach on Android 8.0.0?


Config:
Android 8.0.0
Deezer app 6.0.9.106

How to reproduce :
  • Configure your Android to unlock only with fingerprints + pwd.
  • Launch Deezer and start playing your favorite music
  • Lock your phone (or let it turn off screen)
  • Wake-up your phone,you see the Deezer notification bar where you can pause/skip the song.
  • Double-click it (not on on the buttons) and you go straight to the Deezer app. That's great...
...except that your phone is now unlocked, without giving a fingerprint or a pwd !

Conclusion:
Never your phone unattended with music on.
And iIf you wanna loose your phone or have it stolen, stop the music first 😋
icon

Best answer by Nike.Tufjo 16 April 2019, 11:26

Ok guys, my bad !
After playing around reproducing the problem to make a video, I finally discovered that, for some reason,
the "Smart lock" feature had been activated on my Bluetooth "trusted" headphones...
These headphones I use almost exclusively for listening to DEEZER of course :-)
haaa sooo many configurable things in there ;-)
Sorry for the false alarm.

View original

3 replies

Userlevel 6
Badge +4
Hi there @Nike.Tufjo

Thank you for your input. Is there any way you can film this so that we can pass to our devs for investigation? Would this continue if you try reinstalling the app?
To anyone visiting this post, if you have an Android phone, could you please test it?
Userlevel 2
Badge
Can't reproduce this on HTC U11 with Android 8.0. and Deezer 6.0.10.146

Double click the notification on a locked phone is not unlocking my phone. It is asking me to login with pin or finger print.
Ok guys, my bad !
After playing around reproducing the problem to make a video, I finally discovered that, for some reason,
the "Smart lock" feature had been activated on my Bluetooth "trusted" headphones...
These headphones I use almost exclusively for listening to DEEZER of course :-)
haaa sooo many configurable things in there ;-)
Sorry for the false alarm.

Reply