Rent Cafe Senior Living iOS App Vulnerabilities
1. It saves my password, but not to my keychain or to any other password autofill service on my device; it appears to be saved in the app.
2. The app underlines misspelled words in the password (spellcheck should not be checking password fields, app developer is responsible).
3. The app is not present in any of my Settings menus on my device, which is a problem because those settings menus on the device are how a user manages the permissions granted to the app. This is a problem because a user needs the ability to modify the permissions granted to the app. I would never put this application on my father’s phone. Vulnerable software does not belong on the devices of vulnerable people; the elder generation is very vulnerable to cyber crime.
Update per developer response: per the explanation from the developer, it appears that the permissions may not have been requested by the app due to the login password issue; as I had logged into the app and used it, the permissions should have been requested along the use pathways. Nonetheless, I am glad to hear the issue was finally addressed by Yardi after I notified my father’s property management company, RentCafe, Yardi, and wrote this app review 8 months ago. It wasn’t until I had some face-to-face time with one of the members of the property management firm, who then escalated it within their company and back to Yardi, that the issue was addressed. Seniors deserve security and privacy as much as the younger “iPhone generation”; more so in some ways. I’m still not trusting Yardi’s apps and software for seniors on my father’s devices.
Response from developer
Thank you for sharing your concerns. We have addressed the feedback regarding the password field in the latest release. Regarding the mobile device permissions, we found the permissions behavior to be working as expected. Initially when apps are downloaded, they have a minimal set of permissions, and the app is listed in a minimal set of mobile device privacy/permissions screens. As an app gets used, and additional permissions get enabled (by the app user within the app), it is at that point that the app becomes listed as an additional app that can be controlled by the mobile device privacy/permission control screens. For our app, the initial permissions are Cellular Data (On) and Siri & Search (Off). Optional permissions that can be enabled within the app (and controlled from the mobile device thereafter) currently include Photos and Microphone. These permissions are presented to the user if they desire to include a photo or voice memo along with their written maintenance request ticket.