Hey Vittorio (cc'ing OAuth list as this was brought up in the office hours today)
https://developer.android.com/training/app-links An app is the default handler and the developer has verified ownership of the HTTPS URL. While a user can override the app being the default handler in the system settings -- I don't see how a malicious app can be the default setting. What am I missing? /Dick ᐧ
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
