The problem with embedded browsers, as Skelker explains, is that it is Google users susceptible to phishing attacks from malicious actors.
Previously, third-party developers could add Web browser instances, such as the Chromium Embedded Framework, to their applications. This allowed users to connect to the service with their existing Google Account without having to sign up for a new account on a brand new platform.
Although embedded browsers have facilitated the registration and login of an application user, it has also simplified the task of a hacker so that he can lead an attack phishing type. Malicious actors could use built-in browser frameworks to listen to an unsuspecting user and steal their login credentials.
Unfortunately, Google can not differentiate legitimate connections from phishing attacks via built-in browser environments. For this reason, the company decided to accept this method from the outset.
The company urges developers using embedded browsers to switch to browser-based OAuth authentication. Basically, when a user wants to connect to a third-party application with the help of his or her Google Account, the app opens the Google login page via his or her mobile browser. In this way, users can view the site's URL in order to make sure it's a legitimate Google page and not a site imposter. Web phishing.