One word:
Duh.
That shit isn't written with any form of security in mind ... and the idiots using it are completely clueless when it comes to the RealWorld implications of using it.
Gut feeling? Massive class action lawsuits are on the way ...
Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook. The research team tested 750,000 Android and iOS applications, examining the way they used the federated identity services to make authentication …
This post has been deleted by its author
"If, as you say, the idiots using it are completely clueless, then who do you expect to bring the class action lawsuits against the app developers?"
Some lawyer, somewhere, will eventually smell money. Mark my words.
"Oh, by the way, what was that VI exploit you mentioned a month ago, and never updated me on?"
That's "vi", not "VI", rook. I tried to reply a couple times. Apparently ElReg chooses not to allow me to answer your question.