undefined | Better HN

0 pointsHappyTypist9y ago0 comments

It was some JavaScript injected into the WebView that automatically clicked confirm and sent a message to reposition the WebView offscreen as soon as that happens.

0 comments

illumin89y ago

If they did that, they don't deserve a second chance at trust. That is outright malicious, and definitely a dark pattern. Their app deserves to be deleted and not used again.

Oauth2 has some serious holes - I have no idea if the Google login page is served by Google, or is simply a copy of their landing page designed to phish for credentials. This needs to be fixed as Oauth is becoming increasingly prevalent. We need some type of web of trust like SSL EV that gives me attestation the Oauth login page is being served by the company that I think it is.

madeofpalk9y ago

This is why providers like FitBit require that you use APIs such as Chrome Custom Tabs or SafariViewController, where the OS presents an out-of-process limited web view that the host app doesn't have access to.

blixt9y ago

Terrible if true. Is there a source for this claim?

madeofpalk9y ago

[citation needed]

revelation9y ago

They did that? That doesn't sound like a mistake, that sounds like a CFAA felony.

j / k navigate · click thread line to collapse

0 comments

illumin89y ago

If they did that, they don't deserve a second chance at trust. That is outright malicious, and definitely a dark pattern. Their app deserves to be deleted and not used again.

madeofpalk9y ago

blixt9y ago

Terrible if true. Is there a source for this claim?

madeofpalk9y ago

[citation needed]

revelation9y ago

They did that? That doesn't sound like a mistake, that sounds like a CFAA felony.

j / k navigate · click thread line to collapse