#timotimoi'm sure there is already a well-known answer for this, but how do you deal with apps that show you an instrumented browser to do your login in? like, it could just show a green lock and the html it got from the page legitimately, but insert some shady javascript?