[gizmo21]

I got tipped again to a phenomenon I've seen before by the post in this BlackBerry PasswordKeeper thread which originally had another topic: /blackberry-android-os-f456/password-keeper-disabling-password-startup-1103341-post12811804/

I've seen same behaviour on other security apps, that usually blank out their minimised view in launcher, but don't when being focused open at time of display idle timeout.

Happens for me in KeePass and Threema (and BlackBerry PasswordKeeper for others as I don't use it) which all correctly blank the minimised view in recent appview if you:

1. manually minimise

2. have at display timeout another app active in focus

But if once the app is active at idle timeout it does not blank and so can possibly leak sensitive information to a third person. You even can't get this state reverted after manually *minimising it afterwards. It even shows then an old snapshot of the app content if you navigate elsewhere in the app.

All this leads me to BlackBerry Launcher being the buggy app here, which at least is not acceptable for a company that also sees a market by releasing Privacy Shade to prevent data leakage on screen.

It could also be Android itself, but I guess google would have fixed it by now, perhaps someone with other launcher can crosscheck:

Open one of the mentioned apps above set in android Pref display idle timeout to 15sec. Set the security app in fullscreen with sensitive information open an wait 15sec. After that active recent app view and see if information is displayed there or a blank screen is shown.

Data for @LiamQ , @mrbbsecurity , @Ken Wallis to reproduce:

STV100-4 6.0.1 July secPatch QWERTZ/DE
BlackBerry Launcher 1.1.4.7160 latest non beta

[mrbbsecurity]

I've seen this one reported a lot. I believe this is a core Android issue and not something Password Keeper (or even launcher) can fix. I think it's fixed on Android N.

[gizmo21]

Sorry couldn't find anything Android specific on it via web search. Could you pass me some buzzwords to search for?

Tried to reproduce on Nexus 5 6.0.1 with Threema and there everything is working as it should on the rollodex recent apps of vanilla android, so no info leak when the right option in threema is set and idle timeout kicks in while active.

I'm not convinced of the core android theory, but am accepting if I'm shown otherwise.

. I think it's fixed on Android N.

Update: oh was that a hint that legacy devices will get N ;D

[thurask]

On a DTEK60, I open Password Keeper (or Lastpass), leave it open on the sensitive page, wait 15 seconds for the screen to shut off, tap the screen back on, and then go to the recent apps list (Tiles). Both Password Keeper and Lastpass blank, although this is with BB Launcher 1.1.5 if it matters. Nova Launcher 5.4 beta 3 also does the same thing.

https://imgur.com/yHJUT1Y

[gizmo21]

AFAIK are the DTEKs also M, so general android prob here.

[thurask]

AFAIK are the DTEKs also M, so general android prob here.

Have you tried another launcher?

[erose75]

When it happens to me, it is like this: open password keeper, enter main password, go into password that I want. Leave PK open on that password screen. Screen times out. Double tap screen and PK is at main screen asking for main password, but don't enter main password. Hit the square button to minimize...that is when the last password I was in is exposed on the minimized tile.

[gizmo21]

@erose75 Priv or DTEK? And which version of Launcher?

[erose75]

@erose75 Priv or DTEK? And which version of Launcher?

Apologies, I meant to include that. Factory unlocked priv on BlackBerry launcher 1.1.4.7160

[gizmo21]

Thx, OK now we need another Priv user with beta 1.1.5 launcher that tell us no info leak and can be sure it's fixed in next release version.

[thurask]

I can't get it to not blank using Launcher 1.1.4 on DTEK60 either.

Maybe it's your OS build?

[erose75]

this has not been fixed on my priv with the 1.1.5 launcher. I did a 32 second reboot after all the BlackBerry apps updated today as well.

[mrbbsecurity]

Sorry couldn't find anything Android specific on it via web search. Could you pass me some buzzwords to search for?

Tried to reproduce on Nexus 5 6.0.1 with Threema and there everything is working as it should on the rollodex recent apps of vanilla android, so no info leak when the right option in threema is set and idle timeout kicks in while active.

I'm not convinced of the core android theory, but am accepting if I'm shown otherwise.

https://issuetracker.google.com/issues/37058396
"The issue has been fixed in latest n release"

[gizmo21]

Thx for the info, but then there is no chance for PRIV and DTEKs?