|
|
|
|
|
|
by crazypyro
4331 days ago
|
|
|
Yeah, I agree. MITM attacking your own auth token is not a great example of an "unrestricted" API. I'm thinking more POST requests to games where you can edit resources, change high score, etc. The kind of stuff you used to see all the time on web games, before popularity increased to the point where the developers had to take care of it. I'd just imagine developers are a lot less wary about security holes because they assume that their client is "just" a smartphone and not a rooted packet sniffer. |
|
|