Hacker News
by nupark2 5514 days ago
If the "third party" is actually a malicious native application, they can just simulate the launch of Safari, and most users probably won't even notice.

In this threat model, OAuth is practically a security no-op and a huge usability negative.

1 comments

Yeah they could simulate the launch, good point. I guess you'd have to hit the home button to know you are leaving the app. Sucks :(