The Register: It’s the app developer’s equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers’ secret keys.
That’s a more serious issue than the old “don’t re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they’re not visible to an end user, were OAuth tokens valid on other sites