Security flaw in widgets?

  • My Simplenote iOS app is protected by a passcode AND FaceID to prevent access to the notes inside the app by someone else gaining access to my phone.
    However the Simplenote widget which displays the most recent note shows the text of that note, bypassing all the security. This is the case both after adding the app to the iPhone desktop and in the Add Widget function BEFORE choosing to add this widget.
    Surely this is a breach of security? No one should see the contents of a note without passing security.
    Or, how do I prevent it?

  • Hi! Unfortunately, we don’t have a way to add a passcode to the widget itself.

    You can see where this has been discussed before in Github:

  • Thanks. When this was discussed before it was closed on the basis that having the widget is optional and the user is accepting the security bypass. However, despite access to Widgets being switched off in my iOS settings for Simplenote, on my MacBook, in Edit Widgets, all of the Simplenote widgets appear, complete with note text for the most recent note, and the names of the last 8 notes! This is BEFORE choosing to add the widget. That is therefore NOT a user-selected feature and I cannot stop it happening. I am using Sonoma 14.1. What can be done to prevent this?

  • Thanks for the additional details. We have shared this with the team!

Reply to Security flaw in widgets?