Embedded browsers within apps can be useful if you want to use an existing account from another service -- say, your Gmail log-in -- to access their features. However, they're also really easy to weaponize for man-in-the-middle types of phishing attacks. Since Google can't differentiate between a legitimate log-in and a phishing attempt through a browser from within an application, it's blocking sign-ins from all embedded browser frameworks starting in June.
Via: 9to5google
Source: Google Security Blog
Google will block embedded browser log-ins to fight phishing posted first on https://www.engadget.com
No comments:
Post a Comment