im observing this for at least one function (sync), but presumably this will exhibit itself elsewhere:
steps to reproduce
- create an account somewhere
- log in on the app
- set up a sync from the app
- delete the account from anywhere other than the app
- return to the app
- observe that you've been logged out
- also observe that sync notifications persist
- create another account somewhere
- log in on the app with the new account
- go to set up a sync
- observe that the app momentarily shows the old syncs
- observe that the app crashes
this bug is expressed in both the mobile app and the desktop app
expected outcome
- the app should be aware of the account's deletion even while in the background, and log the user out
- when logging a user out, any settings that were maintained (including folder syncs) should be erased
actual outcomed
- the app only checks for account status when the app is brought to the foreground, and only logs a user out then
- the app doesn't clear any app data or settings when the user is logged out, and stuff such as folder syncs remain
other notes:
this is actually quite a serious vulnerability as a user who's identity has been compromised will leave traces of their use on devices. for example, if my phone has been compromised by adversaries, and i delete my account from the web app or desktop app, the phone will still persist data about me
im observing this for at least one function (sync), but presumably this will exhibit itself elsewhere:
steps to reproduce
this bug is expressed in both the mobile app and the desktop app
expected outcome
actual outcomed
other notes:
this is actually quite a serious vulnerability as a user who's identity has been compromised will leave traces of their use on devices. for example, if my phone has been compromised by adversaries, and i delete my account from the web app or desktop app, the phone will still persist data about me