They fixed the vulnerabilities after I literally had to cold-call their HQ pretending to know security employees. This is that story. It Started With Free Nuggets So I found out the McDonald's app wasn't checking server-side if you actually had enough reward points. Just client-side validation. I immediately tried to report it. That turned into a whole saga. I managed to reach a software engineer who said he was "too busy" to take my report and would find someone else. I told him it was somethin...