Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Preventing Facebook Android SDK from displaying password as plain text

I have an Android app using the Facebook Android SDK and will be deployed publicly.

My problem is that whenever a user makes a mistake logging in with a wrong password, the Facebook SDK will change the password field to plain text, which is obviously not going to be acceptable in a public environment.

Is there a way to suppress this behavior?

like image 779
Ron Avatar asked Jan 17 '13 08:01

Ron


2 Answers

The Facebook SDK login dialog validating flow is managed from the server side of facebook. And as we do not have any control at our side for login validation.

The Facebook SDK provides a LoginButton view that is a custom view implementation of a Button. You can use this button in your app to implement Facebook Login. The LoginButton class maintains the session state, which allows it to display the correct text in the button based on the user's authenticated state. Adding LoginButton to your activity's layout is a quick way to implement Facebook Login.

Along with the login button, you may want to control other user interface (UI) components based on whether the user is authenticated or not. The Facebook SDK includes two classes: UiLifecycleHelper and Session.StatusCallback, to handle much of the complexity around managing session state changes. The activity or fragment where you show authenticated functionality can create an instance of the UiLifecycleHelper class and pass in a Session.StatusCallback listener that is notified of any session state changes. Your activity or fragment must call UiLifecycleHelper public methods that mirror an activity's or fragment's lifecycle methods. These methods are used in creating, opening, saving, and restoring an active Facebook session. The Session.StatusCallback listener implementation can override the call() method to respond to session state changes and update the UI accordingly.

So LoginButton controls the login button functionality and you can add custom code triggered off the call() method to control other UI components.

like image 66
GrIsHu Avatar answered Nov 17 '22 20:11

GrIsHu


No, the login dialog is rendered from Facebook's side and the mobile login dialog always shows the password in plain text on the second try - there should be a note to that effect visible in the dialog when it reloads

like image 24
Igy Avatar answered Nov 17 '22 19:11

Igy