undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsshadowgovt4y ago0 comments

Check the URL and check the lock icon. If you're feeling extra paranoid, you can also click the log to get more information on the security certificate to confirm it's the certificate belonging to the provider.

0 comments

4 comments · 1 top-level

mortehu4y ago· 3 in thread

If it's in an app you don't necessarily get full browser functionality. You just have to trust the app.

jsnell4y ago

Google does not allow oauth from embedded webviews:

https://developers.googleblog.com/2021/06/upcoming-security-...

So you should never need to trust the app.

Ironically this is more of a problem now on desktop, where eg a website (such as eBay) in Firefox pops up a PayPal login window without an address bar and there is no way to verify the domain without using developer tools

shadowgovtOP4y ago

Good point. Although in general, if it's an app, it's gone through the vetting process to arrive on its app store and such password-thieving shenanigans would have been caught during that process.

(Ensuring the integrity of that process is one of the reasons the app stores constrain so heavily apps that allow for some flavor of self-modification, via embedding a programming language, running downloaded code, etc.).

j / k navigate · click thread line to collapse