So I bought a new iPhone 3Gs last week and sold my old 3G to a buddy. Before giving my old phone to him, I went through the Factory Restore and the "Erase All Content and Settings", which took about 2 hours. Phone was basically in like-new form when I handed it over (no apps or settings were on it).
Anyways, my buddy started downloading apps and programming them with his login credentials where appropriate (ie. Facebook, Tweetdeck, etc. - all of which I also had installed on the phone prior to me blowing it away). No issues until he downloaded Pandora... When he opened the app for the first time, it populated with my old stations. He thought that was odd since he had never heard of some of the groups that were in there. He dug a little deeper and found my e-mail address in the app's settings. He quickly realized what had happened...
The app somehow connected to the Pandora server and must have done some type of handshake based on the unique ID of the iPhone itself to sync, rather than prompting for a username and password like all the other apps he had installed.
Granted, not really a huge security risk here since all he was able to do was delete my stations and add others, overwriting my saved settings in a simple online radio app, but the thought of this happening to a more data-sensitive app made me cringe.
2 Questions:
1 - Has anyone else noticed this? (Even on just a factory restore of your phone - have you noticed that Pandora connects right up without having to put in your credentials upon re-installation?)
2 - Has anyone noticed this activity with any other apps? (he tested quite a few apps like Facebook, DirecTV, Amazon, Ebay, etc. and all of them behaved like you would expect - they prompted for a username and password)
Just curious...
Anyways, my buddy started downloading apps and programming them with his login credentials where appropriate (ie. Facebook, Tweetdeck, etc. - all of which I also had installed on the phone prior to me blowing it away). No issues until he downloaded Pandora... When he opened the app for the first time, it populated with my old stations. He thought that was odd since he had never heard of some of the groups that were in there. He dug a little deeper and found my e-mail address in the app's settings. He quickly realized what had happened...
The app somehow connected to the Pandora server and must have done some type of handshake based on the unique ID of the iPhone itself to sync, rather than prompting for a username and password like all the other apps he had installed.
Granted, not really a huge security risk here since all he was able to do was delete my stations and add others, overwriting my saved settings in a simple online radio app, but the thought of this happening to a more data-sensitive app made me cringe.
2 Questions:
1 - Has anyone else noticed this? (Even on just a factory restore of your phone - have you noticed that Pandora connects right up without having to put in your credentials upon re-installation?)
2 - Has anyone noticed this activity with any other apps? (he tested quite a few apps like Facebook, DirecTV, Amazon, Ebay, etc. and all of them behaved like you would expect - they prompted for a username and password)
Just curious...
