Sunday, March 22, 2020

DHgate - Online Wholesale Stores app: Full Twitter DM access requested for account creation

iOS 13.3.1
DHgate - Online Wholesale Stores app for iOS (version 5.0.4)
Date: 03/22/20

Description:

Yet another app that goes way overboard with the Twitter permissions it requests for account creation. Like some other apps, DHgate offers the option of using either Facebook or Twitter to create an account.

The Twitter option with the DHgate app has a Twitter login page explaining permissions. This particular app requests the ability to "read, manage and delete" the direct messages of the connected Twitter account.

NO third-party app - under any circumstances - should have that access. Most especially an e-commerce app.

Take a look at the permissions requested:

The "Send Direct Messages for you and read, manage, and delete your Direct Messages." permission is far too intrusive. I've seen this with other apps, reported it, and seen it changed instantly.

Steps to Reproduce:

1. Download and launch the DHgate - Online Wholesale Stores app for iOS
2. Select the Account option
3. From the "My Account" page, select the "Sign in or Join Free" option
4. From under the "Sign in with your social account" options, select the Twitter icon
5. Note the Twitter permissions requested

Result: The Twitter permissions requested by the DHgate app are too intrusive - the app requires the ability to "Send Direct Messages for you and read, manage, and delete your Direct Messages"

Expected: Account creation via Twitter with the DHgate app should not request read, manage and delete permissions; they are too intrusive!
