Proton Authenticator Exposes Secret Keys in Debug Log

Last week a flaw was disclosed in Proton Authenticator, the application for one-time password (TOTP) authentication. The iOS build shipped with verbose debug logging enabled, and that log recorded in clear text the seed secrets used to generate the one-time passwords. The logged keys were neither encrypted nor protected by the PIN or biometric lock that guards the application itself, so anyone able to read the log could regenerate valid codes for every enrolled account.

The issue has been fixed in version 1.1.1 of the iOS application. The Android builds were not affected in the same way: they wrote only the key identifier to the log, never the key itself.
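The following is an added illustration, not Proton's code and not part of the original report. It contrasts a debug line that dumps a stored TOTP entry, seed included (the iOS failure mode), with one that logs only a derived key identifier (the behaviour the report attributes to the Android builds), and adds a scanner that flags leaked seeds in existing log output. The otpauth URI, the log lines and the `key_id` derivation (truncated SHA-256 of the raw key bytes) are constructed for the example; the RFC 6238 TOTP routine is included so the impact of a leaked seed is concrete.

```python
"""Added example (not Proton's code). All sample data is constructed."""
import base64
import hashlib
import hmac
import re
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: the provisioning URI an authenticator imports from a QR code.
SAMPLE_URI = ("otpauth://totp/Example:alice%40example.com"
              "?secret=JBSWY3DPEHPK3PXP&issuer=Example&digits=6&period=30")


def b32decode_lenient(secret: str) -> bytes:
    """Decode an RFC 4648 base32 seed, tolerating missing '=' padding."""
    s = secret.strip().upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth:// URI into the fields an authenticator stores."""
    u = urlparse(uri)
    q = parse_qs(u.query)
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer", [""])[0],
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }


def totp(secret: str, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: anyone holding the seed can run this."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(b32decode_lenient(secret), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def key_id(secret: str) -> str:
    """Hypothetical non-reversible identifier: truncated SHA-256 of the raw key bytes."""
    return hashlib.sha256(b32decode_lenient(secret)).hexdigest()[:12]


def unsafe_debug_line(entry: dict) -> str:
    """The failure mode: the whole entry, seed included, is written to the log."""
    return f"DEBUG imported entry {entry!r}"


def safe_debug_line(entry: dict) -> str:
    """Log only what is needed to correlate events: issuer and a key identifier."""
    return f"DEBUG imported entry issuer={entry['issuer']} key_id={key_id(entry['secret'])}"


# A base32 run of 16+ characters (80+ bits of key) not embedded in a longer token.
BASE32_RUN = re.compile(r"(?<![A-Z2-7=])[A-Z2-7]{16,}={0,6}(?![A-Z2-7=])")


def find_leaked_seeds(lines):
    """Return (line_no, token) for each line that appears to carry a TOTP seed.

    Flags otpauth:// URIs outright and any base32 run that actually decodes.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        if "otpauth://" in line:
            hits.append((n, "otpauth URI"))
            continue
        for m in BASE32_RUN.finditer(line):
            token = m.group(0)
            try:
                b32decode_lenient(token)
            except ValueError:  # binascii.Error is a ValueError
                continue
            hits.append((n, token))
    return hits


def demo() -> dict:
    """Write both log lines, scan them, and generate a code from the leaked seed."""
    entry = parse_otpauth(SAMPLE_URI)
    log = [unsafe_debug_line(entry), safe_debug_line(entry)]
    leaks = find_leaked_seeds(log)
    # Only the unsafe line is flagged; its token is enough to mint valid codes.
    return {"leaks": leaks, "code_from_leak": totp(leaks[0][1], 1_700_000_000)}


if __name__ == "__main__":
    print(demo())
```

The scanner is a triage aid for logs already collected, not a proof of absence: a seed that was split, hex-encoded or base64-encoded by the logger will not match the base32 pattern, so treat any hit as confirmed exposure and any miss as "not found by this heuristic".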

/Reports, release notes, official announcements.