Basecamp: Account takeover via insecure intent handling
The Basecamp app was vulnerable to account takeover due to insecure intent handling. A malicious app installed on the same device could obtain the user's Oauth2 token and take over their account...