DEF-003 — Cross-account vehicle data prefilled after sign-up; cannot edit VIN

Critical severity
Pending Retest
Defect DEF-003 — Severity: Critical · Status: Pending Retest
Published

2025-12-26

DEF-003 — Cross-account vehicle data prefilled after sign-up; cannot edit VIN

Summary

After signing up with a new account and being redirected to Add Your Vehicle, the form sometimes shows pre-populated values from the last vehicle added under a different account. If you tap Add, the app can move to a state where you can no longer go back to edit the VIN. The app can remain stuck in this Selected Vehicle/Add Vehicle view even after closing and restarting.

Environment

  • Platform: DriveLink iOS App
  • Area: Registration / Vehicle Enrollment / Data Integrity
  • Requirement(s): FR-01 (User Registration), FR-02 (Vehicle Enrollment), FR-03 (Multi-vehicle management)
  • Date Reported: 2025-12-26
  • Testing Phase: iOS App Initial Execution (3rd Milestone)

Steps to Reproduce

  1. Sign up with a new account
  2. Get redirected to Add Your Vehicle
  3. Observe the form values (vehicle info/VIN) are pre-populated with data from a different account
  4. Tap Add
  5. Observe user lands in a view where they can no longer go back to edit the VIN
  6. Close and restart app → user remains stuck in Selected Vehicle/Add Vehicle view

Expected Behaviour

Vehicle data must be isolated per account and the Add Vehicle form must not prefill with another account’s last-entered values. If submission fails or needs correction, the user must be able to return to the form and edit the VIN. If the user becomes blocked, there must be a safe navigation path (back/cancel/logout) without requiring an app reinstall.

Actual Behaviour

After signing up with a new account and being redirected to Add Your Vehicle, the form sometimes shows pre-populated values from the last vehicle added under a different account. If you tap Add, the app can move to a state where you can no longer go back to edit the VIN. The app can remain stuck in this Selected Vehicle/Add Vehicle view even after closing and restarting.

Workaround

Delete the app and reinstall to return to the main UI.

Impact

  • Potential cross-account data leakage (security/privacy)
  • User can get blocked in vehicle enrollment
  • Requires app reinstall to recover

Severity

Critical

Status

Pending Retest (as of the February 8, 2026 status report) - Dev Fix Claimed: Yes - Note: Developer claims fixed with back/edit button — awaiting verification

Reported By

QA / Testing Team