Password shown in cleartext on login prompt in mobile android app

I just noticed that my login credentials can be viewed in cleartext when prompted to login after app update. I don't use any password managers, so I guess the password is stored by the cronometer app?
When I perform a manual logout, the login fields are empty - that should be the default behaviour. This is a major security concern in my opinion. When the app requires a new login, it should not show the stored password in the login prompt.

Phone: Samsung Galaxy A20e
Android 10, Kernel: 4.4.177-20147223
App version: v3.5.9 (b805-AF-s1)

Comments

Sign In or Register to comment.