I've been trying to read what's the real issue with the app before, but it seems like the problem was not disclosed. How can the users verify the vulnerability is true, besides relying on what Certik or OKX tells them? I guess this is the risk of using a mobile wallet.
If I know someone who uses this wallet, I'd suggest he move to other apps. Other hot wallets are open-source and are arguably much easier to verify.