garethwright :: I’ve made posts about various iOS games and the fact that developers, rather than encode, add to keychain or save values in the binaries, choose to save those values in plain text plists. The majority of traffic to this site is to the pages relating to using these oversights for cheating in iOS games, but high scores should be the least of their worries. Whilst poking around in a few applications' directories using the free tool iExplorer (previously iPhone Explorer), I stumbled into a plain text Facebook access token in the popular Draw Something. ... I copied the hash and tested a few FQL queries. Sure enough I could pull back pretty much any information from my Facebook account.
The Next Web has confirmed that it doesn't need the device to be jailbroken.
Continue to read Gareth Wright, garethwright.com