[bad_user]

A while back you could query the apps currently active on iOS and there was a big scandal that Twitter was doing it, being reported by the media as a secret vulnerability, which was bullshit since that "vulnerability" was fairly well known already and in use by ad platforms. And at a previous company we used it for more than a year I think, before being in the news. I don't know what happened after that, Apple must have closed that loophole and Android requires a specific permission. But there are always vulnerabilities that developers can exploit and you can't trust the OS on this one.

Plus it really doesn't matter, because when it comes to security, there's also the issue of the mono-culture and user technical stupidity. We know that many people use Gmail, Facebook, Twitter, etc, most of them reusing passwords across services. And logging the user's copy/pasted texts gives you such a specific dictionary that the probability of getting hacked approaches 1 fast.