|
| 28 Jun 2013 09:50 PM |
| I found one with the ROBLOX mobile app that lets a person access the last person who logged in'a account, even when they're not logged in. |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 09:51 PM |
| Do I just report it to info@roblox.com? Or is there another email I can send to? |
|
|
| Report Abuse |
|
|
| |
|
|
| 28 Jun 2013 09:54 PM |
| That doesn't matter. I'm not affected by it, I found something which can potentially steal accounts with, even if they are logged out of the mobile app and in Safari or similar browsers on iOS |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:10 PM |
| Safari is not the top with account security. Try using another browser. |
|
|
| Report Abuse |
|
|
| |
|
|
| 28 Jun 2013 10:18 PM |
| Sonic, this is on ROBLOX mobile, which is on iOS, which ROBLOX uses APIs for |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:20 PM |
| Correction, Safari dominates iOS as being the default browser, and ROBLOX uses Apis for it |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:21 PM |
I use chrome on my computer, but on iOS, I use safari.
On iOS 7, Safari is awesome, and probably better than chrome.
In the PC world, Chrome dominates |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:23 PM |
| ROBLOX Mobile is entirely safe. |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:25 PM |
Pfft, first I found an exploit to access any offsite link I want inside the mobile app, then realized you can access users who are logged out using it.
Yea, that's ENTIRELY safe. |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:25 PM |
| Logged out meaning they're logged out of the app. |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:27 PM |
@sonic lets just say if you played roblox mobile and logged out. AND the next person come and logs in your account and hack you. IS THAT SAFE? |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:27 PM |
| And if they're logged out from Safari and other browsers as well, because ROBLOX mobile uses a separate cookie database I think. |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:29 PM |
| @iap the thing is, they don't log into your account directly, though |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:30 PM |
You are always logged into the website it seems
I'm still gathering more info on this, but all I can say is that if you use ROBLOX mobile on a shared device, you are at risk. (Or if they have access to your device, even if you're logged out) |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:38 PM |
I cannot figure out exactly how, but something causes you to log into www.roblox.com in the mobile app randomly.
It might have something to do with logging into Safari, but then logging out, but ROBLOX mobile keeps you logged into it?
Or is it not able to access Safari's data directly?
I guess I'll report it to info@roblox.com if I find a clear answer to this |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:42 PM |
| @iAPHackeralt If you didn't yell out your "pass word" to the whole neighbourhood then it is safe. Dummy. |
|
|
| Report Abuse |
|
|
|
| 28 Jun 2013 10:50 PM |
@sonic No, but of you log out of your ROBLOX account(s) EVERYWHERE normally accessable, but then they can still get into your account if they have your device, then there's a problem, because you're not even really logged in, but on the inside, you are.
I don't know if you've ever been banned, and you try to play ROBLOX mobile on an alt, it often won't let you log in? Here's why, you're logged into your banned account. |
|
|
| Report Abuse |
|
|
shayan414
|
  |
| Joined: 11 Aug 2008 |
| Total Posts: 8090 |
|
|
| 28 Jun 2013 10:54 PM |
Try testing it a bit more before reporting it as a potential security issue on the mobile app.
If it turns out to support your theory, report it at info@roblox.com for sure. |
|
|
| Report Abuse |
|
|