XFINITY Mobile App Leaking Username/Password?
We recently told you about the XFINITY Mobile app for Android. An app that lets you do a whole bunch of stuff, but most people are likely interested in its DVR control and its (lackluster) video streaming capabilities.
The app lets you talk to your configured DVRs, check voicemail and email, and even has some address book functionality. To do this the app has to know your XFINITY username and password. Unfortunately, the app stores your credentials in your Android’s system log.
The Android Market states that an update is coming soon, but doesn’t indicate that this security issue is known or has been addressed in the upcoming release of the app. We hope that this security hole is patched up sooner than later!