I lost admin controls over all my private repos (can’t even invite collaborators). I installed an iOS app called ‘GitLab Control’ that prompted a permission request and created an all-access API token. Then, my most basic admin control vanished from my web UI and the app doesn’t allow me to reverse it.
I’m trying to understand if the app is legit or if it hijacked my account.
What I know:
- No users have admin, only the app does
- The app only exposes a partial API key, not sure I can extract it (can’t long press to copy it)
The app has an option ‘Unlink Host’. Could it be that once I unlink the API, my user regains admin over its own repos? I’m concerned that if I unlink I’ll lose my last ability to get back control.