I have a native iOS app that works with GitHub's API. I had the exact same concern as you. As a user, I would much rather use an oath of flow instead of entering my password.
Unfortunately, GitHub actually suggests you use basic auth for native applications. Their reasoning is that the application secret would need to be shipped with the binary, thus making it… not secret (even with various obfuscation).
I don't know what their reasoning is, but there's another obvious reason - if you're trying to protect against a malicious app, unless you get it from the App Store so you can be assured it's sandboxed and it uses an external web browser to show the OAuth dialog, you don't have any real guarantee that it can't steal your password anyway. Although it might be easier to write an app that steals your password if you enter it directly, that's not much real security - to that extent, the sense of protection that the OAuth dialog gives you is false. (This is especially silly for iPhone Twitter apps, where the standard is to pop up a web view which the app can easily inject JavaScript into.)
One nice thing about Windows 8 app development is that they provide a method through WebAuthenticationBroker to have the browser instance hosted in a secure separate process from your app to prevent any shenanigans.
Unfortunately, GitHub actually suggests you use basic auth for native applications. Their reasoning is that the application secret would need to be shipped with the binary, thus making it… not secret (even with various obfuscation).
Source: http://developer.github.com/v3/oauth/#non-web-application-fl...