Google has decided to ban logins from "embedded browsers" as of June 2019. But why did the company take this decision? For security reasons: in particular, to reduce the likelihood of man-in-the-middle (MITM) attacks, which have been increasing lately.
When someone signs in to applications through an embedded browser, they are more likely to fall victim to a man-in-the-middle attack. The Chromium Embedded Framework (CEF), for example, is such a browser, and many people use it to sign in to the Steam client, Evernote and Amazon Music.
Unfortunately, it is not possible to detect a MITM attack when users are connected via an embedded browser.
For this reason, Google has decided to completely prohibit logins made through such browsers. In fact, it will add OAuth authentication. Whenever users want to sign in somewhere, they will be transferred to another browser, such as Safari, Chrome, and others.
With this process, Google will be sure there is no risk of an attack. Also, the user will be able to get more information as the full login URL will be revealed.
OAuth authentication involves three parties. The first is the OAuth client, i.e. the application to which you want to connect. The second is the OAuth provider, e.g. Facebook, Twitter, Instagram. Finally, the third party is the owner himself.
This control system allows OAuth clients to access user data safely without the risk of password leaks.
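The hand-off described above, sketched as an added example (not code from the article or from Google): the client builds an authorization request meant for the system browser and validates the redirect that comes back, so it never sees the password. `CLIENT_ID` and the loopback `REDIRECT_URI` are placeholders, and the PKCE challenge (RFC 7636) goes beyond what the article mentions.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values for illustration: the client ID and loopback redirect are
# placeholders; the endpoint is Google's public OAuth 2.0 authorization URL.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "EXAMPLE_CLIENT_ID.apps.googleusercontent.com"
REDIRECT_URI = "http://127.0.0.1:8765/callback"


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): base64url(sha256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_login_request(scope: str = "openid email"):
    """Return (url, state, verifier) for a login opened in the system browser."""
    state = secrets.token_urlsafe(16)      # ties the response to this request
    verifier = secrets.token_urlsafe(64)   # kept by the client, never sent here
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", state, verifier


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect sent back to the client; return the auth code."""
    parsed = urlparse(callback_url)
    query = parse_qs(parsed.query)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback did not arrive on the registered redirect URI")
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    got_state = query.get("state", [""])[0]
    if not secrets.compare_digest(got_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not tied to this login")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]
```

In an application, the URL from `build_login_request()` would be handed to the user's default browser, for example with `webbrowser.open(url)`, where the full login address is visible.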
Since many people do not use two-factor authentication, Google has suggested this method for greater security and protection.
Google had to act, as man-in-the-middle attacks have increased. The company has long been trying to deal with them. Recently, it updated Gmail, adding the MTA-STS standard. With this update, hackers cannot access emails sent to and from Gmail.
Man-in-the-middle attacks can cause many problems. A hacker can steal credentials, which is the most common outcome, but can also install malicious programs and illegitimate certificates on the victims' computers.
False certificates are installed to "deceive" the antivirus, so that it considers a malicious program harmless and allows its installation.
In any case, whether the risk of an attack is large or small, everyone should take as many steps as possible to be safe on the internet.