i put row owner on user email, and all items disappear from App, so there is no way to protect users data if it is used by App
Why are you digging through apps like that and telling people? If anyone of his customers complains about an issue with one of their cards on his app. Because of your post on here you would probably be liable.
Thatās why I donāt explain how I did it. I would hardly consider it ādiggingā. All Iām saying is that itās really easy to obtain that information if you know how to do it and if somebody doesnāt take data security seriously. Would you want to be that customer? Would you want to be the app owner as the data processor thatās responsible for securing userās data? Would you want your personal information or passwords stored in plain text for the world to see? They arenāt going to be looking at me because I didnāt advise anybody how to do it. They are going to be looking at the person who didnāt heed the advice or follow proper procedure. There are thousands of people out there that do this for sport and greed and itās only a matter of time before they get hit. Iām doing it simply to educate. I donāt have any objections to what I did. There are security companies out there doing the exact same thing to try to make a buck.
Plus, Iām only ādiggingā if I see very obvious misuse of proper security, such as asking for a password using plain text. Most users would not know that their password is that obviously accessible. If they are using that same password elsewhere, that could be a serious risk to them. I donāt go around looking at the underlying data of most apps. In most cases, I have good faith that most people are following reasonable security procedures.
6 Likes
@uzo Yes, if I expand each sheet, I could see all the data within it. For your particular situation, you would have to show and explain what exactly you are trying to do to share info between users and vendors. Ideally you would have a user sheet thatās protected by row owners. Your vendors would be in a separate sheet that is not protected by row owners. If you wanted your users to share data with a vendor, they can easily do that through email, whatapp, text, etc. If you need something between vendor and user, then maybe this would have to be another sheet with 2 row owner columns, one for vendor and one for user, so data in that sheet would be private between them. Itās all about structuring your data properly.
2 Likes
Iām not saying you are showing people how to do it. But you did just show the world that you had access to bank cards and even mentioned a bank. Liability. And you said you donāt go around looking at the underlying data of most apps, which does mean some apps and I have seen you post similar responses in the past. Just telling youā¦if something happens they will look to you.
Have at it. No regrets on my part. None of that data is kept in my possession or sharedā¦plus I have no intention of using it maliciously. I donāt think anybody is going to fault me for providing advice and awareness.
Itās not like itās a big secret either. Itās clearly stated in Glideās security documentation.
Also, that data was downloaded to my personal computer simply by me opening the url. Am I liable for possession at the point it was pushed into my own browser cache or simply by inspecting my own network traffic? Wouldnāt we all be liable at that point?
10 Likes
You missed the point, I was trying to help you not accuse you. Good luck.
thanks for this. I am learning a lot.
1 Like
learning every day from all the highlights by you and all in this community platform. thanks a bunch!
3 Likes