As the title say, a bug which has been confirmed to be around for 7 years leaks the google account password as well as the 2FA code -if enabled-.
Steps to reproduce the behavior:
- Open MicroG Settings
- Add a Google account
- Login with your Google account
- Check logcat with adb logcat | grep GmsAuthLoginBrowser
Therefore, through logcat is possible to see the password, which is a gigantic security hole. This happens even without root.
Is also important to underline that microG per se has security problems.
For more information about the bug, see here.
I haven’t used logcat so excuse my ignorance, but from what I read it’s a log dumper.
What log file is the login info originally stored in?
Is it plaintext in the log file itself, or is it only plaintext after bring filtered through logcat?