[strictnein]

The article whose "exploit" requires handing your unlocked phone to someone?

[larvaetron]

> (Edit #1, 7.30pm GMT): A lot of people are saying that this flaw requires physical access. However, as I pointed out above, you don’t need physical access, a maliciously installed application can easily access the activity and capture the code.)

[strictnein]

So you don't need physical access you just need to install a malicious application? Okay then.

Why can one application even explore and access the views of another?

[elsif1]

Accessibility APIs

[craftyguy]

You'd be surprised how many people (not on HN) use extremely weak (or no) unlocking mechanisms for their devices. It overlaps with the set of folks who would want to use LastPass because of how easy it is.

[saosebastiao]

Do you know what is easier than using last pass for people who use weak unlocking mechanisms? Using the same password everywhere.

I'd be surprised if there was any overlap at all where you claim.

[craftyguy]

Well, I have several family members that fall in the "I use a pattern to unlock my phone or do not use anything to lock it, but store passwords in Last Pass" category. So I guess you're wrong.

[SubiculumCode]

And which just got revealed,and will probably be fixed.