Originally posted by Ziyyigo-Tipyigo:
I'd wager most people reading this have given their email password to Facebook.

Fine, we'll add another step:

0.) Super Happy Awesome Funtime XIV app claims to be from S-E themselves. People don't know the difference; they got to the download site through a QR code.

You don't protect yourself from social engineering by assuming you're immune to social engineering.

As far as Apple's App Store goes, SE is in there as a developer. Good luck getting their name to show up above your shoddy app.
Android's marketplace is just a mess as it is, so I won't even get into that.

Either way, we're talking about a piece of software that has no idea what account it is attached to. The only connection is your SE account having the authenticator's serial number attached to it as well as the algorithm that goes with code generation.