I think the even bigger problem is.....
users access tokens being handed out to world+dog by the likes of Facebook.
You can even find the API's for grabbing users access tokens inside repackaged apps on third party app stores that are known for delivering malware/adware.
(Remember the Cambridge Survey?)
Biting the hand that feeds IT
