DoorDash Android app stores credentials in plain text in the log during auth (coocoor.com)
3 points by robin0 2442 days ago
1 comments

To exploit this and acquire the DoorDash account credentials, one must first gain access to an individual’s device and the device password to grant adb access on an untrusted machine. Then grep the DoorDash request from logcat while simultaneously initiating a DoorDash auth challenge using the very same credentials you are trying to acquire.

I’m not saying plaintext credential logging is at all acceptable, but I’m also not sure this is headline-worthy. Unless I’m missing something?

Any app installed on old versions of Android prior to Jelly Bean can access logcat without any permission.
The minimum target API level for the Play Store has been higher than that for a year now.