Yes, that is what I was referring to. Of course it doesn't prove anything either way. It's simply one data-point surrounding the app, and its relevance is not clear (after all, I don't know who uploaded the screenshot, although those accounts do look like "test" accounts a dev might use?).

I think I might take a closer look: if Matt Green found this app entertainingly bad, even though I'd never heard of it before today, that makes me a little curious.

I'll probably announce if there are any clear signs, but Matt seemed to have not found any, and that wouldn't surprise me: attribution is rarely easy and caution always needs to be borne in mind as to accuracy - especially when it comes to trying to tell apart intentional awfulness (happily, rare - but not completely unheard of) from genuine amateur hour (sadly, all-too-common).

As a clever attacker who wanted a backdoored app could well just deliberately outsource it to someone cluelessly inept, for that authentic (and, incidentally, ultra-cheap) feel, there's an element of Poe's law at hand: how do you ultimately know?