CERT found this problem and reported it to them on or around 9/3/2014:
Finding Android SSL Vulnerabilities with CERT Tapioca
"Snap Secure" v. 9.5 appears on this spreadsheet from CERT, on the "Android App SSL Failures" tab, row 108:
Android apps that fail to validate SSL
I used Burp without the PortSwigger certificate installed, so HTTPS connections would fail. The default Android browser correctly reports this problem, as shown below.
Note: This is version 10.0; updated since CERT warned the company about this vulnerability before 9/3/2014. But they didn't fix the SSL problem.
I clicked "Sign In" and entered test credentials.
Burp revealed the username and password, as shown below, demonstrating the vulnerability.
I looked in Google Play and there is indeed a new version of the app:
And when I connect the new version to Burp the same way, it just hangs on startup. It no longer allows the user to enter any data if it can't make a secure connection.
So I applaud Snap Secure for an efficient, dignified response!
Popular Android Apps with SSL Certificate Validation Failure
Here's the Ars Technica article that got Snap Secure's attention:
Android apps still suffer game-over HTTPS defects 7 months later