I see sometimes there are social media secrets inside of apps. This means that another app can impersonate the target app by sending Facebook or Google the target app’s token. However, what damage does this actually cause? I don’t think someone can steal user data this way, only just maybe run up an expensive bill on behalf of the target app?