Hacker News new | past | comments | ask | show | jobs | submit login

Then, the malicious script can just pop up an official looking dialog box with a message saying that they are 'testing' the confirmation system, and please accept/agree to the next sms/alert from the app.

Having direct control of the user interface is very powerful.




Of course one has to have a minimum of awareness for any protection mechanism to work.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: