Nice catch, but something tells me if this hole were exploited, it'd be easily and quickly shut down.
The next question is, I'm guessing most apps store the access token somewhere for future use, is there a permission that apps can have that let them at this storage? Hope the FB SDK encourages safe handling (encryption, etc) of the access token.
The next question is, I'm guessing most apps store the access token somewhere for future use, is there a permission that apps can have that let them at this storage? Hope the FB SDK encourages safe handling (encryption, etc) of the access token.