t; The security assumptions are
>
> 1. Phone is not rooted;
> 2. App Store's vetting of claimed URI is not compromised; etc.
>
> Nat Sakimura
> Chairman, OpenID Foundation
> https://nat.sakimura.org
> 2019年9月11日 4:27 +0900、Masakazu OHTSUKA のメール:
>
> I see.
>
> The
he phone is not compromised.
>
> On Tue, Sep 10, 2019 at 9:58 AM Masakazu OHTSUKA
> wrote:
>
>> Hi,
>>
>> I've read rfc8252 and have questions about native apps, that I couldn't
>> find answers on Internet.
>>
>> Imagine an attacker doing:
&
Hi,
I've read rfc8252 and have questions about native apps, that I couldn't
find answers on Internet.
Imagine an attacker doing:
1. original app and authorization server conforms to rfc8252 4.1.
Authorization Flow for Native Apps Using the Browser
2. clone the original app, name it malicious app
