Developers are recommended to use browser-based OAuth authentication.
Google has announced that it will start blocking sign-ins from embedded browsers within apps starting June to thwart phishing.
In its official blog, Google notes that one form of phishing, called ‘man in the middle’ (MITM) is hard to detect when an embedded browser framework or another automation platform is used for authentication.
Such a phishing method intercepts the communication between user and Google to gather user’s credentials and sign in. Developers are recommended to use browser-based OAuth authentication that makes signing in secure and enables users to see the full URL of the page.