Galaxy-S3-Jelly-Bean

Security Flaw Found in Samsung’s S-Memo App; Stores your Google Account Password if your Rooted

November 12, 2012 - Written By Alexander Maxham

Here we go again. Another security flaw found in an Android device. This time it affects the Samsung Galaxy S3, and primarily the S-Memo app. XDA member graffixnyc was looking through his rooted files on his Galaxy S3 and opened up S-Memo database in SQLite and discovered that the application was storing his Google account password. His password was just sitting there with no type of encryption at all.

Now we’ve seen some other security flaws lately, like the one where you can wipe someone’s entire device with a line of code in a webpage. Of course Carrier IQ wasn’t really a flaw, just something that no one likes. But there’s actually a pretty simple solution to this problem. Simply uninstall or freeze S-Memo. Or you could always just run an AOSP ROM. Which I’m sure many will be doing pretty soon with Android 4.2 about to hit AOSP.

It appears that this is only on Jelly Bean versions of the Galaxy S3, so those on Sprint need to be careful of which apps you give root access too. We aren’t sure if the Note 2 is affected by this flaw or not, if you do find your Google account password in your S-Memo database let us know in the comments.

SourceXDA