If I have a mobile app that supports some kind of social login feature, say, to log in to the app from my Facebook account, and if the app opens the Facebook login page inside the app on a mobile, is there any way to verify that I am indeed connected to the Facebook site?
This is from an app that lets me sync Instagram profile photo with my phone contacts. I trust this app, and once I log in, I have to accept the app permissions.
The problem is that the links do not open in a standard browser, and I cannot check the URL. If someone were to create an app, add such a login button, and open a fake site to collect my password, it looks quite possible to me because I cannot see any HTTPS EV certificate information, let alone the URL of the login page.
- As a consumer, how can I make sure that such embedded login pages are legit?