What happened?
Issue Description
A security vulnerability has been identified in the TF Connect app where the Wallet section remains accessible without requiring re-authentication after the device is locked and unlocked.
This issue was initially reported by SwissFold on Telegram for Android devices and has been verified on iOS as well. Once a user authenticates and enters the Wallet section, locking and unlocking the mobile device does not trigger any password or authentication prompt, allowing unauthorized access if the device is compromised.
This behavior poses a potential security risk, as sensitive wallet information remains exposed without proper session re-validation.
Steps To Reproduce
- Open the TF Connect app.
- Navigate to the Wallet section by entering the password.
- Lock the mobile device screen.
- Unlock the device.
- Observe that the Wallet section is still accessible without prompting for a password.
Relevant screenshots/screen records
(https://drive.google.com/file/d/1wqiTC91b-4puU-avAlmlfziIUjULlBgl/view?usp=sharing)
Relevant log output
NA
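One way to model the re-lock behaviour this report says is missing, as an added example that is not code from the TF Connect project: a platform-neutral session gate in Python whose `on_background` and `on_foreground` hooks stand in for the mobile app's pause and resume lifecycle callbacks. All class, method and parameter names here are hypothetical, and the wallet data is constructed.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

class WalletLocked(Exception):
    """Raised when wallet data is requested without a fresh authentication."""

@dataclass
class WalletSessionGate:
    verify: Callable[[str], bool]                # hypothetical password check supplied by the app
    grace_seconds: float = 0.0                   # 0 = re-authenticate after every backgrounding
    clock: Callable[[], float] = time.monotonic  # monotonic, so wall-clock changes cannot extend a session
    _unlocked: bool = field(default=False, init=False)
    _backgrounded_at: Optional[float] = field(default=None, init=False)

    def authenticate(self, password: str) -> bool:
        self._unlocked = bool(self.verify(password))
        return self._unlocked

    def on_background(self) -> None:
        """Hook for 'app paused' / 'device screen locked'."""
        if self._backgrounded_at is None:        # repeated events must not restart the grace window
            self._backgrounded_at = self.clock()
        if self.grace_seconds <= 0:
            self._unlocked = False               # drop the session before the screen goes dark

    def on_foreground(self) -> None:
        """Hook for 'app resumed' after the device is unlocked."""
        missed_pause = self._backgrounded_at is None   # no pause event seen: fail closed
        if missed_pause or self.clock() - self._backgrounded_at >= self.grace_seconds:
            self._unlocked = False
        self._backgrounded_at = None

    def read_wallet(self) -> str:
        if not self._unlocked:
            raise WalletLocked("re-authentication required")
        return "wallet balance (constructed sample data)"

def wallet_open_after_lock_cycle(gate: WalletSessionGate, password: str,
                                 while_locked: Callable[[], None] = lambda: None) -> bool:
    """Replay the report's steps: open wallet, lock device, unlock device, try the wallet."""
    gate.authenticate(password)
    gate.on_background()
    while_locked()                               # time passing while the screen is locked
    gate.on_foreground()
    try:
        gate.read_wallet()
    except WalletLocked:
        return False
    return True
```

With the default `grace_seconds=0`, replaying the steps above leaves the wallet locked until `authenticate` succeeds again; a non-zero grace window only keeps the session open for short interruptions.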