[alexvay]

So I changed my password through my PC yesterday, went to my Android client and, to my surprise, it is logged on the mobile!

It's been more than 12 hours, and the access token for the mobile client is still connected to my account, despite changing my password.

I would expect all tokens to be revoked on-password-change. Really disappointing.

I'll have to set up an SSL proxy later to dump the traffic from Android, see what is happening. Anyone compiled SSLDump for Android?