iOS eSteem App | Without entering Pin Code open Submit Story form by devilonwheels

View this thread on: hive.blog | peakd.com | ecency.com

utopian-io · @devilonwheels · Jan 10 '18 (edited)

$12.21

iOS eSteem App | Without entering Pin Code open Submit Story form

I just started using eSteem more and more especially very handy when replying or posting comments. However, it is a bit slow and unresponsive at times in iOS but today I am going to share an issue that is kind of a security issue for me.

## What Happened As User Experience
-- 1. I was trying to access the Search feature of the app which is available under the context menu of the app on upper right hand corner. You can click on three dots "..." to open is and that's how it looks

![image.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1515203994/uezrcxqqdhwcsrdgzpbo.png)

-- 2. Suddenly I had to push my Home button on my iPhone to move to another app. I worked on the other item and opened the eSteem App and found the first issue, which is highlighted below. You can that the app asks me to enter Pin Code but still shows the context menu.

![image.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1515204228/olz65ois3j37z55hd6rx.png)

-- 3. The issue does not end there because as a security measure I had applied the Pin Code so that no one can use the app without entering the Pin Code that I enabled from settings option of the app. I have access to all four context menu options and most critical one is "**Submit a story**" button. The other three options aren't of that much severity as the context menu closes and action is applied in the app.

-- 4. However, if you tap/click the "**Submit a story**" button, you will get to your Submit story form without user entering the Pin Code
![image.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1515204626/ztgwafllyad1dswmz0xg.png)

## Expected Output
The context menu should not be visible if I have not entered the pin code and user should never be able to reach/open "Submit a story" form without entering the security Pin Code to open the eSteem app

## Steps to Reproduce the Bug
-- 1. Open eSteem app on iPhone 6 with iOS 11.2.1
-- 2. Enter eSteem app security Pin Code to open your app. Make sure you have enabled the Pin Code under your eSteem -> Settings -> Security option.
-- 3. Click on the three dots "..." on upper right hand corner of the app to open the context menu. It will open the Context Menu with four options.
-- 4. Press the home button of your iPhone 6 to minimize/hide the eSteem app tocome to home screen of iPhone 6
-- 5. Open the eSteem app again.
-- 6. **Issue 1**: The Context menu is visible with all 4 options with Pin Code pad below. User can select any option now.
-- 7. **Issue 2**: While the first three options only closes the context menu and have effect inside the app. Clicking on "Submit a story" option opens up the Submit a story form and user will be able to submit the story without entering the security Pin Code. To me it is kind of a security issue that any one can have access to your phone while the eSteem app is minimized or hidden and if he opens the app in this condition, he can go ahead and submit a story without you knowing it.

Pictures / screenshots of the app are shared above. Let me know in case any other input is required to reproduce the issue.

### Environment Details
Phone: iPhone 6
Operating System: iOS 11.2.1

<br /><hr/><em>Posted on <a href="https://utopian.io/utopian-io/@devilonwheels/ios-esteem-app-or-without-entering-pin-code-open-submit-story-form">Utopian.io - Rewarding Open Source Contributors</a></em><hr/>

👍 utopian-io, aburmeseabroad, devilonwheels, goel.tarun, thenomadictales, tantra, banglasteve, rnmn1517

properties (23)vote details (8)

voter	rshares	pct
tantra	2,393,423,081	100%
aburmeseabroad	15,165,544,441	84%
banglasteve	666,652,461	100%
thenomadictales	3,267,971,636	100%
utopian-io	1,535,124,827,278	0.95%
goel.tarun	4,345,397,469	100%
devilonwheels	4,646,933,424	100%
rnmn1517	110,246,827	100%

@thegoldenphoenix · Jan 9 '18 (edited)

Your contribution cannot be approved yet. See the [Utopian Rules](https://utopian.io/rules). 
your contribution  is very similar to this one 
https://utopian.io/utopian-io/@thegoldenphoenix/esteemapp-a-serious-security-bug
You can contact us on [Discord](https://discord.gg/UCvqCsx).
**[[utopian-moderator]](https://utopian.io/moderators)**

properties (22)

`author`	thegoldenphoenix
`permlink`	re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180108t235943253z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"community":"utopian","app":"utopian/1.0.0"}
`created`	2018-01-08 23:59:45
`last_update`	2018-01-09 22:09:18
`depth`	1
`children`	3
`last_payout`	2018-01-15 23:59:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	340
`author_reputation`	10,798,378,750,231
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	28,116,917
`net_rshares`	0

@devilonwheels · Jan 9 '18

@thegoldenphoenix, with due respect, the contribution you are suggesting is for different app and different behaviour while this is a bug in eSteem Mobile app not Steemiz Post Reward.

properties (22)

`author`	devilonwheels
`permlink`	re-thegoldenphoenix-re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180109t003158146z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"community":"utopian","app":"utopian/1.0.0"}
`created`	2018-01-09 00:31:57
`last_update`	2018-01-09 00:31:57
`depth`	2
`children`	2
`last_payout`	2018-01-16 00:31:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	183
`author_reputation`	1,586,138,858,119
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	28,122,457
`net_rshares`	0

@thegoldenphoenix · Jan 9 '18

wrong link sorry for that @devilonwheels  this is the correct link 
https://utopian.io/utopian-io/@thegoldenphoenix/esteemapp-a-serious-security-bug

properties (22)

`author`	thegoldenphoenix
`permlink`	re-devilonwheels-re-thegoldenphoenix-re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180109t221055481z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"community":"utopian","app":"utopian/1.0.0"}
`created`	2018-01-09 22:10:57
`last_update`	2018-01-09 22:10:57
`depth`	3
`children`	1
`last_payout`	2018-01-16 22:10:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	149
`author_reputation`	10,798,378,750,231
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	28,347,894
`net_rshares`	0

1 reply

@thegoldenphoenix · Jan 10 '18

$0.06

you have well  explained your point of view your contribution is approved.
You can contact us on [Discord](https://discord.gg/UCvqCsx).
**[[utopian-moderator]](https://utopian.io/moderators)**

👍 devilonwheels

`author`	thegoldenphoenix
`permlink`	re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180110t220531918z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"community":"utopian","app":"utopian/1.0.0"}
`created`	2018-01-10 22:05:33
`last_update`	2018-01-10 22:05:33
`depth`	1
`children`	4
`last_payout`	2018-01-17 22:05:33
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.043 HBD
`curator_payout_value`	0.014 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	192
`author_reputation`	10,798,378,750,231
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	28,599,563
`net_rshares`	6,877,329,244
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
devilonwheels	0 B		6,877,329,244	100%

@devilonwheels · Jan 10 '18

Thanks a lot !! I appreciate you understanding it and approval of it. I will keep up the efforts to improve further.

👍 eatsrewards

`author`	devilonwheels
`permlink`	re-thegoldenphoenix-re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180110t235653966z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"community":"utopian","app":"utopian/1.0.0"}
`created`	2018-01-10 23:56:54
`last_update`	2018-01-10 23:56:54
`depth`	2
`children`	3
`last_payout`	2018-01-17 23:56:54
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	116
`author_reputation`	1,586,138,858,119
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	28,617,855
`net_rshares`	2,404,814,850
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
eatsrewards	0 B		2,404,814,850	0.25%

@eatsrewards · Jan 11 '18

$0.93

Enjoy the vote and reward!

👍 rewardpoolrape, iflagtrash, eatsrewards

`author`	eatsrewards
`permlink`	eatsrewards-re-devilonwheelsre-thegoldenphoenix-re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180110t235653966z
`category`	utopian-io
`json_metadata`	""
`created`	2018-01-11 00:31:33
`last_update`	2018-01-11 00:31:33
`depth`	3
`children`	1
`last_payout`	2018-01-18 00:31:33
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.929 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	26
`author_reputation`	6,338,926,820,750
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	28,623,436
`net_rshares`	102,041,796,815
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
iflagtrash	31,361,764,448	1.5%
rewardpoolrape	63,465,587,817	1.5%
eatsrewards	7,214,444,550	1.5%

1 reply

@goel.tarun · Jan 12 '18

Good One Dheeraj :)

properties (22)

`author`	goel.tarun
`permlink`	re-devilonwheels-re-thegoldenphoenix-re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180112t130303162z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"app":"steemit/0.1"}
`created`	2018-01-12 13:03:09
`last_update`	2018-01-12 13:03:09
`depth`	3
`children`	0
`last_payout`	2018-01-19 13:03:09
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	19
`author_reputation`	12,095,155,003,362
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	28,998,807
`net_rshares`	0

@thenomadictales · Jan 6 '18

i don't have a password so can't comment on security thing however this slow and going unresponsive is quite irritating. M on move most of the times so using app extensively and would be great if these issues gets fixed.

properties (22)

`author`	thenomadictales
`permlink`	re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180106t041734941z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"app":"steemit/0.1"}
`created`	2018-01-06 04:17:09
`last_update`	2018-01-06 04:17:09
`depth`	1
`children`	1
`last_payout`	2018-01-13 04:17:09
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	220
`author_reputation`	3,117,654,789,376
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	27,438,311
`net_rshares`	0

@devilonwheels · Jan 6 '18

$0.03

Yeah Sanchit, it indeed is and well I am sure that @good-karma would be working very hard to  get it right. I saw one post where lots of updates are going to be coming our way in 2018 with even new UI. Looking forward for it to get stabilize and more robust.

👍 thenomadictales

`author`	devilonwheels
`permlink`	re-thenomadictales-re-devilonwheels-ios-esteem-app-or-without-entering-pin-code-open-submit-story-form-20180106t050604542z
`category`	utopian-io
`json_metadata`	{"tags":["utopian-io"],"community":"utopian","app":"utopian/1.0.0"}
`created`	2018-01-06 05:06:03
`last_update`	2018-01-06 05:06:03
`depth`	2
`children`	0
`last_payout`	2018-01-13 05:06:03
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.025 HBD
`curator_payout_value`	0.005 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	258
`author_reputation`	1,586,138,858,119
`root_title`	"iOS eSteem App \| Without entering Pin Code open Submit Story form"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	27,445,243
`net_rshares`	3,565,109,134
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
thenomadictales	0 B		3,565,109,134	100%

@utopian-io · Jan 12 '18

### Hey @devilonwheels I am @utopian-io. I have just upvoted you!
#### Achievements
- You have less than 500 followers. Just gave you a gift to help you succeed!
- This is your first accepted contribution here in Utopian. Welcome!
#### Suggestions
- Contribute more often to get higher and higher rewards. I wish to see you often!
- Work on your followers to increase the votes/rewards. I follow what humans do and my vote is mainly based on that. Good luck!
#### Get Noticed!
- Did you know project owners can manually vote with their own voting power or by voting power delegated to their projects? Ask the project owner to review your contributions!
#### Community-Driven Witness!
I am the first and only Steem Community-Driven Witness. <a href="https://discord.gg/zTrEMqB">Participate on Discord</a>. Lets GROW TOGETHER!
- <a href="https://v2.steemconnect.com/sign/account-witness-vote?witness=utopian-io&approve=1">Vote for my Witness With SteemConnect</a>
- <a href="https://v2.steemconnect.com/sign/account-witness-proxy?proxy=utopian-io&approve=1">Proxy vote to Utopian Witness with SteemConnect</a>
- Or vote/proxy on <a href="https://steemit.com/~witnesses">Steemit Witnesses</a>

[![mooncryption-utopian-witness-gif](https://steemitimages.com/DQmYPUuQRptAqNBCQRwQjKWAqWU3zJkL3RXVUtEKVury8up/mooncryption-s-utopian-io-witness-gif.gif)](https://steemit.com/~witnesses)

**Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x**

properties (22)