Hacker News new | past | comments | ask | show | jobs | submit login

Except it isn't... Because the app can just show a UI that looks like a browser window, and there's no way for the user to know.



If you open a browser window, there is going to be some things that can't be faked 100% accurately, e.g. on iOS there will be a link back to the app at the top left, there is going to be an animation, and so on.

It could be faked 95% accurately, but that's moot, because like I said, the user hasn't necessarily learned what "trusted UI" is in the first place.


https://news.ycombinator.com/item?id=24470530

Looks like it was a real Facebook login webview.


...which is different from a browser window, running inside the actual system browser.

The difference may of course be subtle, but even obviously fake logins can work on the untrained eye.


Like this old trick.

https://news.ycombinator.com/item?id=4629906




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: