
Dropbox fixes app rejection issue, complies with Apple's rules - jacquesm
http://www.appleinsider.com/articles/12/05/11/dropbox_fixes_app_rejection_issue_complies_with_apples_rules.html
======
nupark2
I wish that they had taken this opportunity to discard the use of OAuth. These
are native applications, not web applications, and there's near zero security
value to using OAuth.

When mixing OAuth and native applications written by non-nefarious parties,
the only entity you're preventing from reading the user's password is the user
themselves.

However, if a nefarious party writes a native app, they can easily acquire the
password even if you _do_ use OAuth.

It's a case of bad UX being pushed on users due to fundamental cultural
misunderstandings between the web teams declaring authentication requirements,
and the native developers who want to provide the best UI.

Twitter is absolutely doing this correctly by providing xAuth for use by
native applications.

------
phil
Wonder if some day they'll do the same thing to Facebook as well, since you
auth in Safari if the FB app is not installed and you can buy ads on the FB
site.

------
jeffehobbs
My experiences with the App Store app reviewers have always been the "worst
game of telephone ever" as well. My condolences to anyone who ever has to go
through that.

~~~
nextstep
It seems like you (and the original poster) don't understand the game
telephone. Telephone is when, through a series of repetitions, an original
message is altered to something nonsensical.

I think the term you were searching for is "phone tag," where two parties
repeatedly miss each other with phone calls and instead communicate through
phone messages.

------
bookwormAT
It does seem that Dropbox did not fix the app rejection issue at all. Instead,
they complied with Apple's demands until Apple approved the app again.

