You are viewing a single comment's thread from:

RE: [ANN] Steemy Mobile App - Beta Available for iOS/Android

in #steemit8 years ago (edited)

Downvoted because you still allow master password login. This is unjustified privilege overreach that raises a huge red flag as I already explained to you: master password allows to steal accounts. That's the only thing it does that more specific keys like posting and active keys don't. Why would you need that much priviledges?

Your app shouldn't need more than the posting key. Please remove any possibility to login with the master password, and direct your user to the "permissions" tab to get their posting key.

Sort:  

We will support many ways of logging in, including by specific key. Thanks for the input though. As explained in the post, please only log in with a test account if you choose to log in. Cheers.

You don't get it, or act as if you don't even I know you do because we already had this discussion a couple of times and it was clear that you know what I meant. This makes me even more suspicious regarding your app.

Let me restate that another time. If that doesn't hit home this time I will have to consider that you have bad intentions and escalate the matter to the abuse team. So pay attention this time around.

Allowing users to login with their master passwords is allowing users to compromise their account. Unless you stand to benefit from users compromising their account (for instance by stealing their account), why would you add such a self-defeating feature? Again the simple fact you insist on letting this login method - which you know full well will lead many users to stupidly handover their master password to you - is raising a huge red flag.

I'm that close of considering you a scammer due to your acting as if you didn't understand what I'm talking about in spite of our earlier unambiguous discussion on that matter. It's never too late to fix that though, remove that gaping security threat from your app and I'll stop interfering. If you don't things are going to escalate because I, and other security aware whales, won't let you advertise and app that basically compromises users security.