Technology
Google bans embedded in-app sign-ins to curb phishing attacks
Google is taking a big step to fight attempts on its users.
In a on the company’s security blog, Google’s Product Manager of Account Security Jonathan Skelker announced that the search giant will begin to block account sign-ins from embedded browsers within applications.
The problem with embedded browsers, as Skelker lays out, is that it leaves Google’s users susceptible to phishing attacks from bad actors.
Previously, third-party developers could add web browser instances, like the Chromium Embedded Framework, to their apps. This allowed users to log into a service with their existing Google account without having to sign-up for a fresh account on a brand new platform.
While embedded browsers may have made it easy for an app user to sign-up or login, it also made it just as simple for a hacker to carry out a man-in-the-middle phishing attack. Malicious actors could use embedded browser frameworks to essentially eavesdrop on an unsuspecting user and steal their login credentials.
Unfortunately, Google can’t differentiate between legitimate sign-ins and a phishing attack through embedded browser frameworks. Because of this, the company has decided to ban this login method outright.
The company is urging developers using embedded browsers to switch to browser-based OAuth authentication. Basically, when a user wants to login to a third-party app using their Google account, the app would open up the Google sign-in page through their mobile browser. This way users can view the URL of the site to ensure this is a legitimate Google page and not a phishing website imposter.
Google it will begin blocking sign-ins from embedded browser frameworks in June.
-
Business6 days ago
Langdock raises $3M with General Catalyst to help businesses avoid vendor lock-in with LLMs
-
Entertainment5 days ago
What Robert Durst did: Everything to know ahead of ‘The Jinx: Part 2’
-
Entertainment5 days ago
This nova is on the verge of exploding. You could see it any day now.
-
Business5 days ago
India’s election overshadowed by the rise of online misinformation
-
Business4 days ago
This camera trades pictures for AI poetry
-
Business5 days ago
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal
-
Business7 days ago
Screen Skinz raises $1.5 million seed to create custom screen protectors
-
Entertainment7 days ago
Dating culture has become selfish. How do we fix it?