Found a situation that may pose a (somewhat limited and remote) security risk.
Log into Codebook app,
Locate an entry with a password field,
Tap on password field to present field options menu,
Hit iPhone standby button,
Wait for ‘auto-lock timer’ to engage so Codebook enables lock (requiring app passcode again),
Upon returning to app, app lock screen is presented, but the top of the password field options menu is still visible (‘copy password’) and iPhone keyboard covers the lower options (‘reveal’, ‘toggle font’, and ‘cancel’),
Tap the ‘copy password’ option to copy to clipboard,
Open Notes app and paste clipboard contents. Password is pasted even though app is locked.
I found that similar behaviour is possible without locking the app. Follow steps 1 - 3, then push ‘home’ button. Click on app to re-launch and field options menu is still visible.
Suggest that field options menu should be closed if leaving the entry screen for any reason.
Thanks for this detailed report. I was able to reproduce the issue and am looking into a fix now. Will update this thread when we’ve got a fix in place to beta test.
Sorry for the delayed response on this. The most recent beta version (3.1.7 build 457) should dismiss any alert/action sheet present when the application resigns active so that it won’t show up again when you go back into Codebook. There are a couple of cases where iOS snapshots the screen’s view while the action sheet/alert is still in the process as being dismissed (so it may still show partially in the app switcher), although it won’t be present when you return to Codebook. This is more likely to occur if you double tap the home button. Let me know whenever you’re able to try out the latest beta, and if it resolves the issue on your end.
