I have the offical Yahoo mail app and the Dropbox app installed on my Note 2, and had signed in to both. Then I changed passwords for both on desktop websites, thinking that I would have to re-sign in on my Note 2. To my surprise, I didn't have to. I could continue using those apps as if nothing had happened. In fact, I couldn't find anywhere in those apps that would let me enter a password. So my two questions are (1) how did those apps know my new passwords, and (2) isn't it kind of unsafe to have my Note 2 automatically obtaining new passwords, especially if my Note 2 were stolen?
I'm not sure about yahoo mail unfortunately sorry. I'm a gmail kind of person.
With dropbox, I believe that you give access to your phone by dropbox. I'm not sure if you're a twitter kind of guy but if you authorize an app to your twitter, even if you change your password they are still authorized to your account because you allowed it to be.
I wouldn't say it's a security bug as you can lock your phone when or if you were to lose it with Samsungs findmyphone feature. It will allow you to GPS locate, ring, lock, delete data with this feature. Locking it will allow you to lock the whole phone. Making it unusable (When you lock it, you assign a pin) then when you find it again, you enter the pin and it will be unlocked again. This meaning all apps will be safe away. It's advised to lock it if it were to be lost, then use the GPS locator to locate your phone to the closest position. It will turn the GPS on your phone even if it's turned off and if the phone has been tampered with meaning the GPS cannot be turned on, It will show you the last known location.