Tapatalk disabled

Posted: Mon Sep 14, 2015 12:57 pm
by Dal
All,

We had a recent issue whereby a locked thread was successfully posted to by a standard user via Tapatalk. While this is being investigated, I have disabled the Tapatalk Extension.

I have learned through chatting to phpBB support that Tapatalk is still not an officially validated phpBB extension - meaning that it likely uses methods outside of the proper phpBB API to go about its business. I have logged a support request with Tapatalk to ask them to confirm whether or not their extension is interfacing 100% directly through the documented phpBB API. I have also asked them to confirm when they expect to have the extension validated by phpBB.

Right now, I'm of the opinion that we should wait until phpBB officially adds Tapatalk to its Extensions Database before re-implementing the function.

Sorry for the inconvenience. If you know or run other phpBB boards that use Tapatalk, you may wish to consider this information. I will update the thread as and when I get a response.

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 3:27 pm
by simonsunnyboy
FULL ACK, a plugin should not give unexpected access rights. The next one gives full admin possibilities by using /hoho_give_me_admin as the URL :P

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 4:12 pm
by Dal
phpBB support reckon they do a bit of direct database bashing. This is a HUGE no-no.

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 4:17 pm
by AtariZoll
I don't use Tapatalk, but would like to say a few words about some recently locked threads. There are at least 3 where an Amiga vs Atari flame war (or at least it looked so) was on. It is indeed boring, and we saw plenty of similar ones, but sometimes it has something positive. Like that some people 'show their cards' in the heat of discussion. I don't care much for bad words and insults - was insulted here and everywhere by people with low knowledge. What I care about is to raise the knowledge level, to discover some new facts and interesting features, possibilities. It is often spoiled by jealous people, and those who cannot stand that something "their" is not better than something "our". Even if nobody claimed anything about what is better :D
So, from now I will not go into more silly discussions with proven troublemakers and spreaders of false and impossible claims. Will report their posts with explanation. I think that we have here another one who crossed the line.

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 4:19 pm
by joska
So is Tapatalk enabled again?

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 5:03 pm
by Dal
joska wrote: So is Tapatalk enabled again?


OMG - it actually ignores the fact I disabled it through the Admin Console!!! :evil:

OK - it's being completely removed from the file system, let's see how that goes. In the meantime, another ticket is being raised on them...

**EDIT: That did the trick ***

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 8:24 pm
by Retrogamer_ST
Perhaps "Hackatalk" would be a more suitable name for this app... ;) :D

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 9:14 pm
by christos
Since the new version of the forum is responsive and easily accessible from any mobile device, is there a need for tapatalk?

Re: Tapatalk disabled

Posted: Mon Sep 14, 2015 9:45 pm
by joska
Accessing the forum via web on a phone is pretty much useless compared to Tapatalk. Tapatalk is a very popular app, I'm sure it's possible to find out why it's not behaving correctly with this particular forum.

Re: Tapatalk disabled

Posted: Tue Sep 15, 2015 6:43 am
by Frank B
joska wrote: Accessing the forum via web on a phone is pretty much useless compared to Tapatalk. Tapatalk is a very popular app, I'm sure it's possible to find out why it's not behaving correctly with this particular forum.


Seconded. I like to use tapatalk to access the forum.

Re: Tapatalk disabled

Posted: Tue Sep 15, 2015 8:18 am
by Dal
I understand, we all like the convenience of Tapatalk. Like many admins of many forums, I had assumed they were doing it the right way so installed it because users were asking for it and everyone else had it.

After chatting with one of phpBB's developers on irc about it, he was saying there are all sorts of funny things going on in their code which is why they have not yet approved it as an official extension for phpbb 3.1. Not least of all directly reading and writing to the database as opposed to going via the established API (a huge no-no).

Until I can be sure Tapatalk isn't potentially bypassing the forum's security or ignoring the fact I disabled it in ACP, it will remain off the board.

Another thing to consider is that Tapatalk is now promoting monetisation and potentially looking to target advertising to users. I want to be confident that their plugin is secure before they continue to have access to this forum's members.

Re: Tapatalk disabled

Posted: Tue Sep 15, 2015 10:32 am
by Dal
Thanks to information from Calimero, I have been able to reproduce the behaviour with phpBB 3.1.5 running on our test server.

Here are my test details:

Tapatalk Testing wrote:
1. Browser based test using two separate computers (one logged in as a dummy user account and another logged in as a dummy moderator account).
- Browser 1 logged in as user, starts replying to thread
- Browser 2 logged in as mod, locks thread
- Browser 1 hits submit
- Result: message is not posted and the user is informed the thread is now locked. <--- Expected behaviour

2. TapaTalk test. User is logged in via Tapatalk on iPhone while the moderator is logged in on a PC using a regular browser
- Tapatalk user starts replying to a thread
- Moderator locks thread
- Tapatalk user submits reply
- Result: Reply is successfully posted to the thread despite it being locked. <--- Not good!

This looks to me like an issue with Tapatalk not using the phpBB API correctly.

If you know anyone using Tapatalk on their forums, I suggest you make them aware of this potential loophole (there could well be others). They can then make a decision for themselves.
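
Added example, not part of the original post and not phpBB or Tapatalk code: a small Python/SQLite model of the two tests above, showing why the lock has to be checked at submit time on every write path. The table layout, status value and function names are assumptions made for this illustration; the optional trigger is one defence-in-depth option and, in this model, has no moderator exemption.

```python
import sqlite3
LOCKED = 1  # constructed status value for this model
INSERT = "INSERT INTO posts (topic_id, body) VALUES (?, ?)"

class TopicLocked(Exception):
    """Raised by the board's own posting path when the topic is locked."""

def make_board(guard=False):
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, status INTEGER NOT NULL);
        CREATE TABLE posts (post_id INTEGER PRIMARY KEY, topic_id INTEGER, body TEXT);
        INSERT INTO topics VALUES (1, 0);
    """)
    if guard:
        # Defence in depth: the database refuses the write whichever path sent it.
        db.execute("""
            CREATE TRIGGER no_post_in_locked_topic BEFORE INSERT ON posts
            WHEN (SELECT status FROM topics WHERE topic_id = NEW.topic_id) = 1
            BEGIN SELECT RAISE(ABORT, 'topic is locked'); END
        """)
    return db

def submit_via_board(db, topic_id, body):
    """Board path: lock state is re-read at submit time, just before the write."""
    with db:
        row = db.execute("SELECT status FROM topics WHERE topic_id = ?",
                         (topic_id,)).fetchone()
        if row is None or row[0] == LOCKED:
            raise TopicLocked(topic_id)
        db.execute(INSERT, (topic_id, body))

def submit_via_plugin(db, topic_id, body):
    """Plugin path (hypothetical): writes the row directly, never reads the lock."""
    with db:
        db.execute(INSERT, (topic_id, body))

def reproduce(guard=False):
    """Replay both tests: reply started, moderator locks, user submits."""
    db = make_board(guard)
    with db:  # moderator locks the topic after the reply was started
        db.execute("UPDATE topics SET status = ? WHERE topic_id = 1", (LOCKED,))
    outcome = {}
    for path, submit in (("board", submit_via_board), ("plugin", submit_via_plugin)):
        try:
            submit(db, 1, "late reply")
            outcome[path] = "posted"
        except (TopicLocked, sqlite3.DatabaseError):
            outcome[path] = "rejected"
    return outcome
```

Calling `reproduce()` gives the result seen in the two tests (board path rejected, direct-write path posted); `reproduce(guard=True)` shows both paths rejected once the rule is enforced below the application code.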

Re: Tapatalk disabled

Posted: Tue Sep 15, 2015 11:09 am
by exxos
I never used Tapatalk, but it sounds like a right hack to me. A hack with security loopholes at that. It's a wonder Tapatalk hasn't been used as an exploit for the forum, who knows what damage could be done with it.

Re: Tapatalk disabled

Posted: Tue Sep 15, 2015 11:47 am
by wongck
I used to have tapatalk on my Android phone but only to see what it does when I was working on a tapatalk app for the Atari (PH Forum Notify).
It does everything via its own web services and does not use any PHPBB api at all. Using its own Tapatalk API allows the app to talk to any Tapatalk able forum regardless of the underlying forum infrastructure.
Anyway, I already removed tapatalk app from my android years ago as I found reading and replying on a small screen is very difficult for my failing eyesight... but mostly because I stopped developing tapatalk app for the Atari also years ago.

Re: Tapatalk disabled

Posted: Tue Sep 15, 2015 7:53 pm
by lp
I never used it to post, like some others the tiny screen on a mobile isn't the best for my eyes. :) I did however, have it installed just to get the audio/video notifications on my mobile about posts of interest. However, I can live without that.

Re: Tapatalk disabled

Posted: Sat Sep 19, 2015 2:47 am
by Kirkman
joska wrote: Accessing the forum via web on a phone is pretty much useless compared to Tapatalk. Tapatalk is a very popular app, I'm sure it's possible to find out why it's not behaving correctly with this particular forum.


I'm also a Tapatalk user. I understand the security concerns, but really hope it can somehow be resolved.

Re: Tapatalk disabled

Posted: Sat Sep 19, 2015 9:29 am
by catmando
+1 for tapatalk whenever it can be put back

Re: Tapatalk disabled

Posted: Wed Sep 30, 2015 9:38 am
by catmando
any update on a resolution?

Re: Tapatalk disabled

Posted: Wed Sep 30, 2015 9:56 am
by Dal
They have gone very quiet. I even had an email from someone else at Tapatalk as they noticed I'd taken the board off and wanted to know what, if anything, they could do. I sent back a reply stating that I'm waiting for a resolution to my bug report and that's the last I heard from them.

As soon as Tapatalk is added to the phpBB extensions database, I'll re-deploy.

Re: Tapatalk disabled

Posted: Wed Sep 30, 2015 10:48 am
by troed
Dal wrote: They have gone very quiet. I even had an email from someone else at Tapatalk as they noticed I'd taken the board off and wanted to know what, if anything, they could do. I sent back a reply stating that I'm waiting for a resolution to my bug report and that's the last I heard from them.

As soon as Tapatalk is added to the phpBB extensions database, I'll re-deploy.


FWIW I've started using the mobile web version and while Tapatalk did better notifications it's definitely something I can live with now.

/Troed

Re: Tapatalk disabled

Posted: Sun Dec 13, 2015 10:38 am
by Philsan
Dal wrote: As soon as Tapatalk is added to the phpBB extensions database, I'll re-deploy.


Thank you!

Re: Tapatalk disabled

Posted: Sat Mar 19, 2016 8:58 pm
by Kirkman
Anything new on the Tapatalk front? Would really love to get back into browsing the forum.

Re: Tapatalk disabled

Posted: Sat Mar 19, 2016 11:03 pm
by Dal
Kirkman wrote: Anything new on the Tapatalk front? Would really love to get back into browsing the forum.


Nothing new.

Unfortunately, Tapatalk devs are still hacking their own way into the phpBB backend rather than using the official API.

Re: Tapatalk disabled

Posted: Fri Sep 30, 2016 1:41 pm
by Gryzor
I recently refreshed my installation on the CPCWiki forum (using SMF). Tapatalk has been giving us problems for ages (some are "amusing", like serving photos that don't belong to our forum*, others less so, like it stopping working for no reason then coming back, or the TT console reporting at one point that my installation is ok and at the other that TT has not been installed, stuff like that).

But, imagine my surprise at finding that Tapatalk currently works for my forum.......

.....without having installed it :D

There's the mobiquo folder left over from the previous forum installation, but no plugin and the forum code is bleached clean. And yet my users are using TT.

Just thought I'd amuse you :D



*the images it served came from a US gun enthusiasts forum. Now imagine if my forum was for gun victims...

Re: Tapatalk disabled

Posted: Wed Oct 26, 2016 12:24 pm
by sandy421
joska wrote: Accessing the forum via web http://www.comparateur-mutuelle-assurance-sante.com on a phone is pretty much useless compared to Tapatalk. Tapatalk is a very popular app, I'm sure it's possible to find out why it's not behaving correctly with this particular forum.


hello!! i use the latest lg's smart phone and it works on it and it works well!
thanks!!