
Web Based OAuth Is a Security Nightmare for Apps - edent
https://shkspr.mobi/blog/2015/05/web-based-oauth-is-a-security-nightmare-for-apps/
======
zimpenfish
MITM proof of concept on iOS - [http://furbo.org/2014/09/24/in-app-browsers-
considered-harmf...](http://furbo.org/2014/09/24/in-app-browsers-considered-
harmful/)

~~~
edent
Interesting. I wonder if it would work on Android as well?

~~~
mattkrea
Of course it would. WebView on android can be displayed without the URL bar
just as easily.

