Coinbase: OAUTH permission set as true= lead to authorize malicious application

ID H1:87561
Type hackerone
Reporter paresh_parmar
Modified 2015-12-01T14:26:06


OAuth authorize button in the Coinbase Android App did not have the android:filterTouchesWhenObscured attribute set to true, which may have made it vulnerable to tap-jacking.

Reported UI Redressing (Clickjacking) for the mobile application of Coinbase; the attack scenario is the same as the one reported by @paulos_
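A check for the missing attribute described above, as an added example that is not part of the original report or Coinbase's code: it walks an Android source layout and lists tappable views that neither set android:filterTouchesWhenObscured="true" nor sit inside a ViewGroup that does. The sample layout, its view ids and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample layout (not taken from the Coinbase app).
SAMPLE_LAYOUT = """
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android">
    <TextView android:id="@+id/scope_text" android:text="App X wants access"/>
    <Button android:id="@+id/authorize_weak" android:text="Authorize"/>
    <Button android:id="@+id/authorize_hardened" android:text="Authorize"
            android:filterTouchesWhenObscured="true"/>
    <FrameLayout android:filterTouchesWhenObscured="true">
        <ImageButton android:id="@+id/confirm_in_protected_group"/>
    </FrameLayout>
    <TextView android:id="@+id/deny_link" android:clickable="true"/>
</LinearLayout>
"""

def is_tappable(elem):
    # Heuristic: any *Button widget (including fully qualified custom views),
    # or a view declared clickable / given an onClick handler in XML.
    # Listeners attached only in Java/Kotlin code are not visible here.
    tag = elem.tag.rsplit(".", 1)[-1]
    return (tag.endswith("Button")
            or elem.get(ANDROID + "clickable") == "true"
            or elem.get(ANDROID + "onClick") is not None)

def unprotected_tap_targets(layout_xml):
    """Return ids (or tag names) of tappable views with no touch filtering."""
    findings = []

    def walk(elem, covered):
        # A ViewGroup applies its own filter before dispatching to children,
        # so the attribute on an ancestor also covers its descendants.
        if elem.get(ANDROID + "filterTouchesWhenObscured") == "true":
            covered = True
        if is_tappable(elem) and not covered:
            findings.append(elem.get(ANDROID + "id", elem.tag))
        for child in elem:
            walk(child, covered)

    walk(ET.fromstring(layout_xml), False)
    return findings

if __name__ == "__main__":
    for view_id in unprotected_tap_targets(SAMPLE_LAYOUT):
        print("missing filterTouchesWhenObscured:", view_id)
```

It reads source layouts from a project tree, not the binary XML packed into an APK, and views hardened in code with setFilterTouchesWhenObscured(true) will still be listed.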