"Furthermore, The Next Web has confirmed that the same issue affects Dropbox for iOS, similarly allowing a user to simply copy the .plist file from one device to another in order to gain access to the account." Isn't this how prefs/config files are supposed to behave? I am doing exactly the same thing in all of my applications on Mac/Win/iOS. I put stuff into some file and if you move that file to another device my applications will use that file as if it was created on that device. Every time I buy new Mac I drag a lot of files/folders from ~/Library/Preferences (and few other places) folder and I have everything set up on my new computer. Favorites/Bookmarks, cookies, even logins into web forums. Everything works as if I am using my old computer. In short, I use Dropbox iOS framework and I am using it the way everybody else does. The framework saves everything in user defaults - DBSession.m: Code: NSMutableDictionary *credentials = [NSMutableDictionary dictionaryWithDictionary:baseCredentials]; ... [[NSUserDefaults standardUserDefaults] setObject:credentials forKey:kDBDropboxSavedCredentials]; Username/mail and password are not saved, only OAuth token. What else should they do?