New Security Token App [Android / IOS] Really secure? Can we trust it?

[Alhanelem]

If you're afraid of the security token app, then you'd better not download any apps ever.

There's not really any way for the software token to be abused, other than you showing someone the number on the screen and having them enter it.

There is little to no difference in safety between the physical token and the software token. Android apps are "sandboxed" which limits the ability of any other software to gain access to or modify or read another app.

You should take such scare-tactic articles with a grain of salt. It's almost impossible for a hacker to get your account compromised via the phone app;

The only way i can imagine your worry happening is someone making a fake security token app, but they wouldn't have any way to get it to generate correct passwords for your account.

When you register the software token, it's tied to your specific phone- if you delete the app, or reset your phone, you'd have to get it removed with your removal password, and then put it back on again. Because of this, there's no way for a hacker to abuse the token. They'd have to get their hands on your actual phone and use it themselves or get a picture of it with a number displayed or something (a "man in the middle" attack)- the only security against this is the same kind of security you guard any other personal information with: yourself.