Screen shots:

1. How can potential users know that they can trust the app and any future updates with their login details ?

and for that reason alone, I am OUT

Given that login details give someone access to the account, surely the ideal solution would be for SS and other agencies to officially vet any apps which require login details ( - also any updates and the advertising services which are incorporated). i.e. - to give their stamp of approval.

Report: Android malware and spyware apps spike in the Google Play Store (infoworld)

Many apps use ad networks legitimately, but some ad networks are used essentially as money-laundering mechanisms for data obtained through deceptive practices within apps, as well as through spyware apps. Developers may not be aware that their apps use such "gray market" ad networks or have components obtained from other developers that are actually spyware. Legitimate ad networks can also be conduits for such "gray market" apps. Manousos said its count of suspect apps that used ad networks included only apps that antivirus vendors or other investigations separately identified as problematic, so the count does not include all apps that use ad networks.

But while the number of malicious Android apps is rising, the percentage of them removed by Google is on the decline, researchers said. In 2011 Google removed 60 percent of malicious apps, but in 2013 the company removed less than a quarter of them, the report said. That's probably due to the rapid increase in malicious software. Manousos told InfoWorld that he theorizes that Google takes down apps only after it has received enought complaints or alerts from security researchers, creating a delay in its takedowns to the 2013 surge. Unlike Apple, Google does not vet apps rigorously before they are made available in its app store, he noted.

Couldn't someone start by changing the email address ? Even potentially if that requires an email handshake via the original address. Some of those credentials are already going to be out there.

I am absolutely not doubting your own sincerity. But these are questions people need to ask anytime someone asks them for their login details. How people access their accounts is something everyone needs to be very cautious about. Especially given the Android malware problem.

That's why I am suggesting that these sorts of apps would be best approved by the agencies.

What do the SS TOS say about giving out your password to other entities? How often does this log on?

duplicate

At the very least, if your password is stolen, what will be your biggest possible loss? The thief(developer) will login to your account and modify your paypal or skrill adress and steal all your earnings? This is not likely to happen because shutterstock will inform you the change of your pay email address. and even the thief succeed to steal one account because you ignore the notification email from shutterstock, it's impossible for the thief to succeed again and again. The app will be abandoned by all the users very quickly.  It is not wise for the app developer to do this.

Wow, sounds like you really have some skin in this app.  You talk as if someone hijacks your account it's really not that big a deal.  Bull. Talk to Luis.  He just went through some similar to this and had a crap of a time getting his account back and the money they stole. I am with Bunhill and Luis, NO THANK YOU.

I really appreciate the cool app but 'Security' comes first. The more doors you have open the more changes of getting hacked thus I will log into my sites and put the numbers into my excel sheet. Only my pet cat has access to my computer room...

Thank you, onetoremember, for explaining some details for me.

To Goofy, Some data you want to explore may need complicated statistics, maybe it is  beyond excel's ability.

For all people who concerns about the security about account, I want to explain further here. Trust or not, Use or not, I fully respect your choice and understand your decision.

The app doesn't store your password locally, the only chance you may store your password locally is when you click the signin button and the browser will ask if you want the browser to save the password (shown below), this is a standard behavior of all modern web browsers. You can choose 'Never' to prevent the browser from saving the password for you.


Also, the app talks to ss server directly, there's no intermediate server between the app and ss server.
as I stated before: In the app, you log on to ss just like you do in the web browser.  The account information is absolutely not stored on any intermediate server.

For those who may be interested,  the app is also available in Apple App Store: https://itunes.apple.com/us/app/ss.stats/id828818008?ls=1&mt=8. Feel free to download and use.