iOS 14
KIXIFY - Buy & Sell Sneakers app for iOS (version 3.0.1)
Date: 09/21/20
Description:
Not sure what it is with sneaker apps, but they sure do love to require extremely intrusive permissions from Twitter in order to create an account using Twitter credentials.
Take a look at the Twitter OAuth page that KIXIFY presents in order to create an account:
Take a look: "Send Direct Messages for you and read, manage, and delete your Direct Messages." That's ridiculous, and no app that sells sneakers needs this level of access.
Steps to Reproduce:
1. Download and launch the KIXIFY app for iOS
2. Select the "Sign in with Twitter" option
3. From the Auth page, scroll down and note that "read, manage, and delete" permissions for Direct Messages are a requirement
Result: the KIXIFY app requires Twitter users to grant the app read, manage and delete access to Direct Messages in order to use Twitter credentials to create an account
Expected: "read, manage, and delete" access to Direct Messages should NOT be allowed for Twitter users who use their account credentials to create an account on KIXIFY
Select the "SIGN IN WITH TWITTER" option...