I wish that they had taken this opportunity to discard the use of OAuth. These are native applications, not web applications, and there's near zero security value to using OAuth.
When mixing OAuth and native applications written by non-nefarious parties, the only entity you're preventing from reading the user's password is the user themselves.
However, if a nefarious party writes a native app, they can easily acquire the password even if you do use OAuth.
It's a case of bad UX being pushed on users due to fundamental cultural misunderstandings between the web teams declaring authentication requirements, and the native developers who want to provide the best UI.
Twitter is absolutely doing this correctly by providing xAuth for use by native applications.
Wonder if some day they'll do the same thing to Facebook as well, since you auth in Safari if the FB app is not installed and you can buy ads on the FB site.
My experiences with the App Store app reviewers has always been the "worst game of telephone ever" as well. My condolences to anyone who ever has to go through that.
It's seems like you (and the original poster) don't know understand the game telephone. Telephone is when, through a series of repetitions, an original message is altered to something nonsensical.
I think the term you were searching for is "phone tag," where two parties repeatedly miss eachother with phone calls and instead communicate through phone messages.
When mixing OAuth and native applications written by non-nefarious parties, the only entity you're preventing from reading the user's password is the user themselves.
However, if a nefarious party writes a native app, they can easily acquire the password even if you do use OAuth.
It's a case of bad UX being pushed on users due to fundamental cultural misunderstandings between the web teams declaring authentication requirements, and the native developers who want to provide the best UI.
Twitter is absolutely doing this correctly by providing xAuth for use by native applications.