I had to factory reset my Android phone on which the Hubitat app was installed. I just let Google restore the apps and settings and didn't think much of it. I was very surprised to find that my reinstalled phone triggered the presence sensor (and corresponding rules) without any action on my part. Also, when I relaunched Chrome within the phone, it automatically logged back into Hubitat via the browser.
This seems like a big security problem because if the app login can survive a factory reset, anyone with the device could conceivably gain access to the dashboard and thus to the house. No other smart home app does this (Wyze, Google Home, Nexx Home, IFTTT etc.). They all required at a minimum for me to log back in by reentering credentials. Can this be fixed or a setting turned off?
On that note, I really think it's past time to implement 2-factor authentication for logging into Hubitat. I would think that being able to access the entire smart home with its corresponding locks and alarm systems would present an unacceptable risk to many, if a homeowner is lazy with passwords (the same credentials for both Wifi and Hubitat, for example).