The keys are already public, he’s not documenting some super secret zero-day way of extracting keys. He… downloaded the app and unzipped it, basically.
Be angry at the company who clearly don’t have a clue how to secure anything.
You can be angry at both the company and the person who publicly revealed the issue without first trying to inform the company. That's literally white-hat-hacking 101.
They keys may already be public (technically), but he is the one publicizing it and posting it on Hacker News. OP is also clearly aware of how much harm can be done using these keys, since he asks people to not use them.
If anyone really wanted to they could probably figure out who you are based off your comment history, all of which is “public information.” So it’s cool if they use your name and list your address right?
Or let’s just remove you from the equation: do you agree doxxing is wrong regardless if the info is publicly available?
They keys may already be public (technically), but he is the one publicizing it and posting it on Hacker News. OP is also clearly aware of how much harm can be done using these keys, since he asks people to not use them.