Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.

The main differences between OAUTH and OAUTH2 are that the latter requires HTTPS, and the access tokens that allow an application to use specific services in a user account have an expiry.

Applications that communicate with OAuth-enabled services can use a set of keys—called the consumer key and consumer secret—to uniquely identify themselves to the service.