Oh God not this stupid tweet again. He's "hacking" it from a rooted phone. You can't just willy nilly edit those files like that on a normal phone. Fml I would've written a CN under that.

On top of that they didn't infiltrate anything.

Adding onto that: the app is open source. Finding possible weak points was the very reason of this exercise.