Embedded browsers within apps can be useful if you want to use an existing account from another service — say, your Gmail log-in — to access their features. However, they’re also really easy to weaponize for man-in-the-middle types of phishing attacks. Since Google can’t differentiate between a legitimate log-in and a phishing attempt through a browser from within an application, it’s blocking sign-ins from all embedded browser frameworks starting in June.
In the near future, you’ll find yourself getting switched to Chrome, Safari, Firefox or other mobile browsers when you have to sign in to access an application. The tech giant is advising developers to switch to browser-based OAuth authentication, which shows the URL of the page you’re on and could, in turn, help you avoid phishing attacks.