Tapatalk says add-on exploit discloses emails and passwords - but which??

[RobinHood]

I've requested all my data be permanently deleted from their servers.

I do feel bad for them as a company in one sense. Their obviously trying to build a good and useful product, but there have been too many security issues that have come to light.

A great responsive native XF design for navigating, 'add to home screen' mobile safari option to get an app like icon on users mobile devices and pushover to send instant notification to users is a good combo for now.

 

[Dad.]

Responsive design is what you need. Themes such as our UIX offer full control over your interface on mobile, I mean Tapatalk and such was great and even necessary -- 5 years ago.

 

[rainmotorsports]

Responsive design is what you need. Themes such as our UIX offer full control over your interface on mobile, I mean Tapatalk and such was great and even necessary -- 5 years ago.

Unless you say live in some parts of Africa where loading even the mobile version of gmail is more than your connection can handle in reasonable time. There is something to be said for native applications that don't load anything but text.

I certainly hate trying to load a page on 2g if either throttled to or stuck in the middle of nowhere. At least with tapatalk you had a chance to load a thread in limited conditions. However the app is so unreliable these days what's the difference.

 

[Dad.]

Unless you say live in some parts of Africa where loading even the mobile version of gmail is more than your connection can handle in reasonable time. There is something to be said for native applications that don't load anything but text.

I certainly hate trying to load a page on 2g if either throttled to or stuck in the middle of nowhere. At least with tapatalk you had a chance to load a thread in limited conditions. However the app is so unreliable these days what's the difference.

If you have an extreme, handle that extreme separately. I don't see why you should make the entire site adhere to a lower bound.

 

[rainmotorsports]

If you have an extreme, handle that extreme separately. I don't see why you should make the entire site adhere to a lower bound.

We are on Xenforo, responsive design is a given. If tapatalk had no bugs, no security flaws, etc. I believe people would still say that it is replaced by responsive design. Which is not true. Responsive design matches Tapatalk or forum applications in solving the content viewing/navigation issue. Now that this is no longer a thing, both solutions are not the same at all. To me its the difference between a fork and a spoon. They can both feed many of the same foods, but they aren't the same category of tool.

Responsive design is superior in that the full site might be accessible where as most forum applications will cause the user to be missing features. I prefer the web browser, responsive design or not. However a touch browser can provide a horrible user experience in comparison to a native application. Even a light weight theme still has a lot of data that isn't content.

It all comes down to notifications, not everyone likes email as a solution. Many non ad revenue sites are begging for push notification/app solutions even in the face of responsive design. It increases user activity. Tapatalk is an existing solution that people hate due to both plugin and client bugs as well as security issues and concerns. But to say any external content access methods are going to drag the whole site down is a bit much. You already have responsive design its not a choice between the two. Its a choice between one or both. We just lack a comparable replacement for the additional solution. Which is not appropriate for all sites (ad revenue reliant for example).

 

[Martok]

We just lack a comparable replacement for the additional solution.

We have two solutions for push notifications.

https://xenforo.com/community/resources/xen-pushover.3039/

https://xenforo.com/community/resources/bd-push-notification.3047/

 

[rainmotorsports]

We have two solutions for push notifications.

https://xenforo.com/community/resources/xen-pushover.3039/

https://xenforo.com/community/resources/bd-push-notification.3047/

Very well aware of pushover and both of those plugins as a member of this forum. But for anyone else I would file it under obscure and unheard of. You can have the best solution in the world and no one using it for years. It's a tough sell too. We are talking the average forum user, not people like us. Though your audience might vary greatly.

 

[Kintaro]

I continue to say that we need official APIs so many external applications can be integrate to our installations thanks to official layer of connection... and a big example are smartphone apps.

 

[Snog]

The Tapatalk add-on itself is in violation of the add-on policies for XenForo.

There are many calls to tapatalk.com in their software with no declaration of what they do in the add-on's description.

 

[rainmotorsports]

The Tapatalk add-on itself is in violation of the add-on policies for XenForo.

There are many calls to tapatalk.com in their software with no declaration of what they do in the add-on's description.

Its an external service plugin. Half of the plugin by its nature is communicating with external servers. Not sure if Mike Kier or Chris have actually looked at it but it was already said the plugin does not violate the rules.

Not having looked at it myself. Most of the plugin is triggered externally and not by the forum software. It works even when disabled in the admincp. A surprise to some but its always been that way even on other platforms. But one example of a callback in the software is tapatalk pings the site to see if its working and if not after a couple of days emails you. So the plugin will respond directly to that ping. This is to be expected and should be allowed if you so choose to install the plugin. But anything beyond "This plugin talks to tapalk servers" is kind of unnecessary to me. It's hard to declare everything, because that's likely what it does. Its one big privacy and security hole. Best thing for them to do is to link off to their sites current terms.

 

[Snog]

Then I would like clarification on this..

5. If information (such as regarding the server or user) is disclosed to an external server in the process of installation, use, or uninstallation of your add-on, the information that is being disclosed and when it will be disclosed must be clearly listed in your resource description (and on your site, if appropriate). To be clear, if an external server must be contacted during normal execution and to perform a core function of the add-on, that does not need to be explicitly disclosed.

Especially the last part in bold letters. I take that as if let's say an add-on contacts a 3rd party server to get information, not the add-on's site, then it doesn't need to be declared.

IMHO, the rest of that applies because there is information about the user and/or server being exchanged with Tapatalk. And with Tapatalk's security history it is even more important that it be disclosed.

There were to be no exceptions to this rule, but it seems to be there is one in this case.

 

[FredC]

Responsive design is what you need. Themes such as our UIX offer full control over your interface on mobile, I mean Tapatalk and such was great and even necessary -- 5 years ago.

that may all be true.. But getting kids these days to move away from mobile applications and back to their mobile browsers is the trick.. the apps simplify things which makes converting these types of surfers over rather difficult.. It doesnt seem all the added features in the world makes a difference to them either..

 

[rainmotorsports]

@Snog It would be good to get further clarification. However the statement given to the complaint that the add-on functions while disabled was this. The files are responding to direct requests to the php code. I believe it was said that there was nothing they could do about that but suggested the author (tapatalk in this case) put checks in the file for the add-on state if they wished to honor it.

Basically the add-on being installed in xenforo has more to do with phrases and options than external communication. The majority of the plugin while using xenforo as a framework and requesting data from the installation, is not being called by xenforo or the operation of xenforo. Except for let's say getting the tapatalk specific user activity for display, etc. The files are being called by the mobile client and or tapatalk server. The files are responding to the request. Not generating them.

I know where you are coming from but its treated as a non xenforo plugin to a certain degree such as if you had WordPress with a WordPress plugin that interfaces with xenforo. But even if in the end it violated the rules it just means delisting from the RM. The plugin is still allowed elsewhere.

 

[D.O.A.]

I have uninstalled years ago.

+1 for this horrible add-on.

 

[greenchicken]

+1 for this horrible add-on.

+2
Just take a style, remove the sidebar and use the mobile style selector add-on.

 

[rafass]

+2
Just take a style, remove the sidebar and use the mobile style selector add-on.

+3
I'll never use something like this on my board.