We want to build a checkout button (like the PayPal one) that others can integrate.
It will be a web component that can be parameterized with a product-id from the omo market.
When the user clicks the button, a purchase is initiated.
This web component can be easily replicated (it's open source) and placed anywhere.
A careless user who doesn't check the app name, payment recipient, etc. could now be phished with reasonable effort.
An already logged-on user, however, would get the cue of a redundant authorization dialog for an already authorized app.
The only chance I see to prevent this is to keep processes simple and interruptions through dialogs etc. to a minimum, so that these interruptions cause the user to be at least a little bit cautious when one pops up.
My concern:
An app with a very similar name and/or domain name that poses as another app.
Possible solution: show a phishing warning if the user previously gave access to an app with a very similar (domain) name.
Tracking issue for phishing concerns.
Concern #1 by @jaensen:
My concern: An app with a very similar name and/or domain name that poses as another app. Possible solution: show a phishing warning if the user previously gave access to an app with a very similar (domain) name.
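
One way to implement the similarity warning proposed in Concern #1, shown as an added example that is not part of the original thread or the project's code. The function names, the confusable folding rules, the distance threshold and the sample hostnames are all assumptions made for illustration.

```javascript
// Hypothetical helper: decide whether an app requesting authorization should
// trigger a phishing warning because its hostname resembles one the user has
// already authorized. ASCII look-alikes only; IDN/punycode hosts are not handled.
const CONFUSABLE_CHARS = { '0': 'o', '1': 'l' };           // constructed sample
const CONFUSABLE_PAIRS = [[/rn/g, 'm'], [/vv/g, 'w']];     // constructed sample

// Fold a hostname to a "skeleton" so that visually similar names compare equal.
function skeleton(host) {
  let s = [...host.toLowerCase()].map(c => CONFUSABLE_CHARS[c] || c).join('');
  for (const [re, to] of CONFUSABLE_PAIRS) s = s.replace(re, to);
  return s;
}

// Levenshtein distance, two-row dynamic programming.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns 'known' for an exact match with an authorized host, 'warn' for a
// near match (show the phishing warning), 'new' otherwise (normal dialog).
// maxDistance is a tunable assumption; very short hostnames need a lower value.
function checkAppOrigin(requestingHost, authorizedHosts, maxDistance = 2) {
  const req = requestingHost.toLowerCase();
  if (authorizedHosts.some(h => h.toLowerCase() === req)) {
    return { status: 'known', similarTo: null };
  }
  const reqSkel = skeleton(req);
  for (const known of authorizedHosts) {
    if (editDistance(reqSkel, skeleton(known)) <= maxDistance) {
      return { status: 'warn', similarTo: known };
    }
  }
  return { status: 'new', similarTo: null };
}
```

The exact-match check runs first so that an already authorized app never triggers the warning, which keeps the dialog rare enough to be noticed when it does appear.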