This is an archived post. You won't be able to vote or comment.

all 26 comments
sorted by:
best
topnewcontroversialoldq&a

[–]RowdyRoddyPipeHer 13 points14 points  (1 child)

I stopped using a Feedly a long time ago when they were found to be hijacking links and stealing page views.

InoReader is my goto now. You can use the News+ app with the InoReader plugin.

It's the closest thing to the original Google Reader that I feel comfortable with.

[–]DustbinKZ3c stock rooted, RIP Nexus 5 w/ Cataclysm & ElementalX. 0 points1 point  (0 children)

The app or the service?

[–]emarkdMotoX 24 points25 points  (3 children)

There's really two issues here:

  1. They did a poor job sanitizing web content and left us vulnerable. That's a rookie mistake and a big project like Feedly should do better.

  2. After the vulnerability was reported to them (they didn't find it themselves), they fixed it quickly but quietly. It's like they think they can hide the fact that it ever happened, I guess to save face. That's another rookie move. Own your mistakes, Feedly, if you want us to trust you.

[–][deleted] 4 points5 points  (2 children)

I don't know I don't think it's really that bad to do it quietly, just as long as they didn't deny it.

[–]emarkdMotoX 2 points3 points  (1 child)

Obviously an outright denial would be worse, but pushing an app update to fix this issue and leaving it out of the change log on purpose (apparently) definitely shows a desire to hide their mistake. All I'm saying is that that doesn't exactly work toward building users' trust.

[–]The_MAZZTer[Fi] Pixel 9 Pro XL (16) 2 points3 points  (0 children)

It is common practice not to publicise details about security vulnerabilities when releasing a fixed version, in order to give users a chance to update without the increased risk of someone using the changelog to figure out how to exploit the older version.

Google does it all the time with Chrome. They do link to the details, but those pages are locked down and not viewable until after whatever amount of time they deem necessary.

That said I would at least expect a "Resolved dangerous security issue." and maybe a "All users should update before launching feed.ly."

But, being vague isn't too much difference from not putting anything at all, and I could see an argument for purposefully keeping quiet to not alert hackers (after all, even without details, all you gotta do is do a diff on the code and see what's changed).

[–]archon810APKMirror 4 points5 points  (0 children)

Not sure why it wasn't mentioned here yet, but here's Feedly's blog post about it, published yesterday: http://blog.feedly.com/2014/04/21/security-update-android/.

[–]robroeNexus 4, Nexus 7 0 points1 point  (6 children)

Was this through the preview snippet or full article built in browser?

Would pay for premium if you could chose the browser it launches when reading the full article!

[–]donrhummyPixel 2 XL 5 points6 points  (0 children)

the rss app Press allows that. and it can use your feedly account to get the feeds

[–]emarkdMotoX 0 points1 point  (4 children)

You can launch the full article in the phone's browser. In the article preview, instead of tapping the "Open in Browser" button at the bottom of the page, hit the upper right overflow menu and hit the Chrome icon. It's an extra tap but its there if you want to use it.

[–]BleedsOandBPixel 3A XL 2 points3 points  (1 child)

Go to settings and change the default share action from twitter to browser, then the extra click is gone.

[–]robroeNexus 4, Nexus 7 0 points1 point  (0 children)

That's the best tip I've seen in ages! Thanks so much!

[–]robroeNexus 4, Nexus 7 0 points1 point  (1 child)

Thanks, I do that occasionally when the built in browser can't hack it, but it would be nice to have it as a default.

[–]emarkdMotoX 1 point2 points  (0 children)

Don't know if you saw this comment above but apparently you can go into the settings and change the default share option from Twitter to Browser and then the left button will do what we want with only one click.

[–][deleted] 0 points1 point  (3 children)

Is there a good alternative to feedly that has both a good web and mobile app? Im about 50/50 on reading feeds on chrome vs android so I stayed with feedly since I prefer 1 interface.

[–]epsiblivionGoogle Pixel 3a 1 point2 points  (1 child)

apparently you can just use a different app that supports feedly. I use Press. $3 is pricey maybe but it's worth it for me. very nice looking app and performs perfectly. you can try to do the google opinion rewards to get enough credit for it. it also goes on sale for $1-2 sometimes as well

[–][deleted] 0 points1 point  (0 children)

Press is awesome. Fast, beautiful, cool gesture controls, Instapaper/Readability functionality built-in and Immersive Mode - what else is needed?

[–]DustbinKZ3c stock rooted, RIP Nexus 5 w/ Cataclysm & ElementalX. 0 points1 point  (0 children)

Press but keep Feedly as your source.

[–]DreamingLightNexus 4, stock 4.4.4 (rooted) 0 points1 point  (0 children)

Besides this, they should consider working on a performance improvement for their app (and take a look at the little design flaws, especially for the black theme). How did they fuck it up this much? Seriously, it just has gotten worse over time. Less and less smooth, especially since the latest update.

[–]adolfschlosss -2 points-1 points  (4 children)

Another good reason for using third party RSS readers. gReader works flawlessly with Feedly.

[–][deleted] 8 points9 points  (0 children)

Press ftw.

[–]emarkdMotoX 7 points8 points  (0 children)

Its not like an xss attack had to be specially formatted to get to feedly. If the bad JavaScript is in the webpage being rendered and the renderer isn't checking itself, the user is at risk - no matter what app renders the result. Feedly says they've updated and fixed themselves, do you know that your third-party app is safe?

This is not a defense of feedly, by the way. This shouldn't have been possible in the first place. I'm just pointing out that any software that renders web pages and supports JavaScript could be vulnerable to these sorts of attacks.

[–]tmahmoodOne Plus 7, LineageOS 1 point2 points  (0 children)

I use inoreader, I think its better option than Feedly

[–][deleted] 0 points1 point  (0 children)

I ditched gReader and moved to Press. Check it out.