If I found out that Android was eavesdropping my Spotify credentials, I'd be just as stupified, yes.
If I found that Android built in some Spotify integration that worked by stealing my active session cookies to do some backdoor integration with it, and billed it as some future AI smart service, I'd find it equally g-d absurd, yes.
Do I think that me logging into the Spotify app, in Android, and it exchanging those credentials for an app-internal access token is the same as a server hijacking my session? No, not really, I don't.
That's what's so damn brazen and shoddy about this. SPOTIFY HAS OAUTH.
I have no idea what you are trying to say. The device works by running apps for Spotify, Uber etc. in a VM and logging you into it. They say it right on their homepage. If you don't trust it, sure don't buy it. That's your own decision, but doesn't make them any more right or wrong.
I'm saying it's shoddy, and scammy, and I can't believe anyone would lift a finger to defend this type of product, engineering, or actively training people to get phished. Hope that clarifies.
Well, I actually don't. I only use hardware from companies that I have a semblance of trust in, and I certainly don't run around entering my Spotify or Uber password into other services.
You give all of those to every smartphone maker. Why is this any different? Is there evidence that their handling is insecure?