> I realize that broken encryption is considered an effective access control in this context despite it being broken, but apps like Newpipe aren't even breaking encryption, right?
Encryption isn't the only access control. "Access control" is a pretty loose term. I think of it as being similar to what (in the US) counts as "breaking" in a breaking-and-entering charge: you've "broken into" a place if you had to move anything in order to enter. Even a door that is partially ajar and you had to slightly move it to slip by.
I don't know in this particular piece of software. I'm just saying that an "effective access control" can be something very trivial. It doesn't have to be anything as sophisticated as encryption.
Just to speculate, it could be something like using the user's login credentials.
Encryption isn't the only access control. "Access control" is a pretty loose term. I think of it as being similar to what (in the US) counts as "breaking" in a breaking-and-entering charge: you've "broken into" a place if you had to move anything in order to enter. Even a door that is partially ajar and you had to slightly move it to slip by.