[ilyagr]

I'm very confused about how bad this is, the article seems unclear. Does it allow malicious apps steal the OTA codes? Does it allow malicious apps to steal the keys used to generate the OTA codes? Does it allow a user to see the keys? Is it none of the above?

All I get from the article is that the user might be able to see the OTA codes in a roundabout way. If that's the entire problem, why is it a problem?

[willstrafach]

It is difficult to understand, but it seems like the app normally has some sort of PIN protection in order to open it. This is apparently a bypass method for that protection.

Maybe I am misunderstanding, but it really does not seem like much of a big deal, as someone would need to have your phone in hand as well as your lock screen passcode.

The title seems pretty dishonest, if my interpretation of this issue is correct.