When making a connection to an app, the browser is redirected to the app's authorization page hosted by the vendor. When this happens, some vendor's authorization pages use the currently logged in session to authorize access automatically without prompting for log in verification.
For instance, when a user syncs his or her app account or device in the App Marketplace, there is already another user logged in to that same app account or device. This happens largely on browsers in shared computers. Even though the previous user has already disconnected from the App Marketplace and was not able to logged out from the his or her application account, the user is still active in that same app account. This may sometimes cause confusion as new users may think that their own account was already synced when in fact a different account was synced due to the browser caching.
Unfortunately, we do not have any control to ensure that the user is not logged in when we redirect the user to the specific application website for them to login when they are syncing their accounts as this is a browser controlled situation. What we would strongly suggest is to have the user ensure that his or her own account is already logged in or if not log out from the application website and then log in the correct account details before connecting to the App Marketplace.
For additional reference, here is a list of known applications which save account credentials in browser cache.
- Under Armour