Comment by ranger_danger

What are you implying? That it will become ineffective due to that?

That's possible... and they might change their mind if so, we will see.

I feel like it's a similar issue to when scrapers pretend to be an allowed-origin webpage in order to abuse "public" API keys for web services.

They could also require the mobile device to interact with the requesting webpage in some manner, similar to mutual PIN/codes for Bluetooth/TV pairing these days. That way bulk sharing of the codes would still require active participation from the device that requested it in the first place, likely with a short time limit.