The 3.4 updated to My Eyes Only Classic had a bug in the code that caused the software to reject the correct app access password. A password would never work and that was a huge issue for users of My Eyes Only Classic. (Understatement of the month.)
Background - Way Back Machine
This issue only affected users who originally used the app My Eyes Only created in 2008. This issue only affected users who started using the app in 2008, 09, 10, 11, 12 and 2013. Anybody who first used My Eyes Only Classic in 2013 - 2017 didn’t see this issue. The key to the issue was that users password for the app, was created prior to 2013.
We renamed My Eyes Only to My Eyes Only Classic in 2012 when we rewrote MEO and created a Pro version. If you downloaded MEO Classic in 2013 through now, you never saw this issue. That is why we didn’t catch this in testing. We simply didn’t have a set of data created beefier 1013.
The Technical Details of the Failure
So we use a password hash to store your app access password in the app. What we do is take the password you setup and hash it with a “Salt”. A silly word for a random set of data bits that is unique to your device. The Salt plus your password is hashed and stored in a file. That file was the problem child. More in a moment. When you need to access the app, you type in your password, it is hashed with your unique salt and the compared bit to bit with the hash stored in the app. If it is 100% equal, you get into the app. The bonus portion of that exercise is that the hash is used in the encryption key. Therefore, to decrypt your data we, or any hacker would need, your password and your unique salt.
Back to that Pesky File
Back in 2012 in the new MEO Pro we stored that password hash and other important data in a file in a specific location. That way the app can find that file when it needs to compare the saved hash with the one that is created just after you enter your password. The thing is, we put that file into a location where iOS could, if and when it wanted, to purge that file to save space. Problem. It took a number of years to figure that out. When we did, we moved that file to the proper location where iOS would never delete it. That was fine for MEO Pro, but we needed to do the same for Classic.
Here is where it get confusing. We decided to update Classic with the same modern code we created for Pro. It was better and we noticed that thousands of our users refused to move to the Pro version. Sigh. So we renamed My Eyes Only to Classic and gave it a major feature and UI facelift. When we did that, it also got the pesky file put into the wrong location.
Discontinued Support for Classic in 2015
Then we decide to end support for Classic in 2015. We most desperately wanted our customs to move to the Pro version. Thousands still refused. Sigh.
We Had Better Update Classic One More Time
Then we made the decision to make one more update and do two things. Cleary alert our users to the fact that we stopped Classic support in 2015 and to fix the pesky file issue so people would not lose their data.
Now remember the fix for the pesky file issue. The fix was to move it to the correct directory for safe keeping. No big deal because that worked without error for 10,000’s of users in Pro. But for Classic that fix didn’t work and instead caused all hell broke lose. So what did really happen?
The file move failed, but it failed for only people who used the first version of My Eyes Only the 2008 - 2012 version. Buy why? And why in the hell didn’t we catch the error in development or testing.
Answer… the pesky file was already in the location where we are trying to move it. Wait how can that be? Well the 1.x version of My Eyes Only also created a file with the exact same name and placed it in the correct location. That happened years ago. Only a user who had Classic for years, had a file in the location where we are trying to move the new file. I know confusing. That is why it took us a few days to figure out.
So the operation that moved the Pesky File failed, because there was already a file with the same name in the destination location.
Why didn’t we catch the error? Because we didn’t. In MEO Pro and new versions of Classic there was no file in that location so the move worked 100% of the time. Who needs error catching? Well, that is a dumb thing to say. We learn a lesson.
Well that’s the story. The critical pesky file never moved and your password could never validate with the existing password hash. Never.
We Had Help Finding the Issue
The only way we figured it out was that many users calmly explained the situation and include key information like, “I have this app for years”, “I’ve been using this app for a long time”, “I first started using this app in 2010”. All that helped.
One user named Todd C. reported that he did a down grade of the My Eyes Only Classic app file and when he did, his password worked. That was a huge clue that made ups concentrate on that Pesky File and find the issue and then the simple solution.
I’m grateful for long term customers, and wish this would have never happened. But it did. We did our best to communicate the critical issue, and to understand the problem and fix it as fast as we could.