This morning I installed the Twitter Android app, version
5.91.0, on my device (Moto G3). I found that I was able to log in without setting
up a password. I followed the steps below to log in without a password.
Steps to reproduce
Step 1
On the Home screen I tapped the Sign Up button.
Step 2
I entered my name, Pranav, in the name text field and tapped
the “Next” button.
Step 3
On the verification screen I entered the phone number (8888888888),
then I got a verification code. I entered the verification code. Now it takes
me to the Enter Password screen. I need to enter a password to activate my
account.
Step 4
I got a message stating your phone is activated. I closed
the Twitter app and then launched it again, and it asked me to enter the password.
I closed the Twitter app again and launched it again, but this time I had
cleared the Twitter app data (Settings -> Apps -> Twitter -> Storage
-> Clear Data).
I was surprised because I was logged in to my account with
the Twitter handle @Pranav96003942. I did not set the password for the account,
but I was logged in.
Fig 1: After Login Screen
Step 5
Then I decided to investigate more. So I cleared the Twitter
app data and then followed Steps 1, 2, 3 and 4 with the same mobile number (8888888888)
which I had registered previously.
I discussed this with Santhosh Tuppad, then he did
a search in his Twitter account for the Twitter handle @Pranav96003942. The account
was not fetched because it takes some time to update in the Twitter database.
Step 6
Santhosh asked me to follow him on Twitter, and I immediately
followed @Santhoshst. Santhosh got a
notification that I follow him. I was also able to tweet with the account @Pranav96003942.
Step 7
Now, Santhosh asked me to check if I could change the
password. I went to the Change Password screen, where I need to enter the current
password to change my password, but I am not aware of the current
password. We tried entering the verification code as the current password, and we got
a toast message “Your Old Password was entered incorrectly”.
Fig 2: Change Password Screen
Step 8
Then I tapped on Forgot Password. I entered the number (8888888888)
with which I registered to get the passcode. I got an error message stating “We
Found More than one account with the Phone Number”. I got this because I had registered
the same number twice.
Fig 3: Forgot Password screen with Phone Number
Step 9
I tried to recover the password with the username @Pranav96003942,
and I got a passcode on the registered number. Now, I did a password reset by
entering a new password, then I logged out of the account. When I tried to log in with the mobile number and password
I was not able to log in; I got an error message stating “We Found More than one
account with the Phone Number”.
Fig 4: On Login with registered number
Step 10
Finally, I realized that version 5.91.0 is not the latest one. So, I updated the app to
the latest version and then tested the above steps. I was logged in
without a password.
My Conclusion about this behavior
The first issue: I never entered my password on login.
So, if I had logged out of the account I couldn't log in again; if I wanted to recover my
password I would need to do a Forgot Password and then reset my password with a new
one. This is a user experience issue.
Secondly, the user must not be allowed to register with the
same number again. Because it allows this registration, I am getting an error message
stating “We Found More than one account with the Phone Number”.
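
The two conclusions above can be expressed as server-side checks. The following is an added sketch, not Twitter's code and not part of the original post: the class `SignupService`, its method names, and the in-memory storage are all hypothetical, chosen only to show a sign-up flow that issues no session until a password is set and refuses a second registration for the same phone number.

```python
import hashlib, hmac, secrets

class SignupError(Exception):
    """Raised when a step is attempted out of order or with bad input."""

class SignupService:
    # Constructed in-memory model (hypothetical); a real service would use a
    # database with a UNIQUE constraint on the phone column.
    def __init__(self):
        self._pending = {}   # phone -> (name, verification code)
        self._accounts = {}  # phone -> {"name", "salt", "pw_hash"}

    def start(self, name, phone):
        # Second conclusion: refuse a second registration for the same number.
        if phone in self._accounts:
            raise SignupError("phone number already registered")
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[phone] = (name, code)
        return code  # stands in for the SMS delivery

    def verify_phone(self, phone, entered_code):
        name, code = self._pending.get(phone, (None, ""))
        if name is None or not hmac.compare_digest(code, entered_code):
            raise SignupError("verification failed")
        del self._pending[phone]
        # The account exists but has no password yet, and no session is issued.
        self._accounts[phone] = {"name": name, "salt": None, "pw_hash": None}

    def set_password(self, phone, password):
        acct = self._accounts.get(phone)
        if acct is None or acct["pw_hash"] is not None:
            raise SignupError("no account awaiting a password")
        if len(password) < 8:
            raise SignupError("password too short")
        acct["salt"] = secrets.token_bytes(16)
        acct["pw_hash"] = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), acct["salt"], 600_000)
        return self.issue_session(phone)

    def issue_session(self, phone):
        # First conclusion: every path to a logged-in state passes this gate,
        # so restarting the client or clearing its data cannot skip the
        # password step in this model.
        acct = self._accounts.get(phone)
        if acct is None or acct["pw_hash"] is None:
            raise SignupError("password must be set before login")
        return secrets.token_urlsafe(32)
```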