Modernizing OAuth interactions in Native Apps for Better Usability and Security
Blog post from Google Cloud
Google announced a shift away from supporting OAuth requests via embedded browsers, or "web-views," in native apps, to improve both security and usability, with a phased deprecation schedule beginning on October 20, 2016. The change encourages the use of the device browser, which lets users sign in once per device and improves conversion rates for sign-in and authorization flows by reusing existing logged-in sessions. Embedded browsers require users to sign in again in each app and pose security risks, since the host app can inspect and modify everything displayed in the web-view. Google provides libraries such as Google Sign-In and AppAuth to help developers move to best-practice OAuth flows, and recommends updating to the latest versions for improved security and usability. While WebView support on iOS 8 remains for now, notices may prompt users to upgrade their devices for better security. Notifications of this deprecation have been added to consent pages on iOS and Android, and developers can acknowledge the change with a specific URL parameter to remove these notices.
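The device-browser pattern the post recommends, as an added example that is not code from Google's post or from the AppAuth library: the app hands the authorization request to the system browser and receives the redirect on a loopback listener, so the consent page is never rendered inside a web-view the app could read or alter. The authorization endpoint, client id, loopback port and scope are constructed placeholders, and the request also carries a PKCE challenge (which the post does not discuss but AppAuth implements).

```python
import base64, hashlib, secrets, webbrowser
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode, urlparse, parse_qs

AUTH_ENDPOINT = "https://accounts.example.test/o/oauth2/auth"  # placeholder
CLIENT_ID = "example-client-id"                                 # placeholder
REDIRECT_URI = "http://127.0.0.1:8080/cb"   # loopback redirect, not a web-view


def build_authorization_request(scope):
    """Return (url, state, code_verifier) for the device-browser flow."""
    state = secrets.token_urlsafe(16)            # binds the redirect to this request
    verifier = secrets.token_urlsafe(32)         # PKCE verifier, as AppAuth does
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state, verifier


def parse_redirect(redirect_url, expected_state):
    """Extract the code from the loopback redirect; reject an unexpected state."""
    query = parse_qs(urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    return query["code"][0]


def run_once():
    """Open the system browser, then wait for exactly one loopback redirect."""
    url, state, verifier = build_authorization_request("openid email")
    captured = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            captured["path"] = self.path
            self.send_response(200); self.end_headers()
            self.wfile.write(b"Signed in; you may close this window.")
        def log_message(self, *args): pass   # keep the code out of the log

    server = HTTPServer(("127.0.0.1", 8080), Handler)
    webbrowser.open(url)                     # device browser, existing session reused
    server.handle_request()                  # serve the single redirect, then stop
    code = parse_redirect("http://127.0.0.1:8080" + captured["path"], state)
    return code, verifier                    # both go to the token endpoint next


if __name__ == "__main__":
    print(run_once())
```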