“We’re constantly working to improve our phishing protections to keep your information secure,” account security product manager Jonathan Skelker wrote in a blog post. “This is yet another layer of protection on top of existing safeguards like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges.”
With the change, Google’s specifically targeting man-in-the-middle (MITM) attacks, which it says are difficult to detect on automation platforms like embedded browser frameworks. A MITM attack intercepts data exchanges between users and servers in real time to gather credentials, behavior that Google can’t differentiate from legitimate sign-in attempts.
As an alternative to embedded browser frameworks, Google’s suggesting that developers use browser-based OAuth authentication, which enables users to see the full URL of the page where they’re entering their credentials. “If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today,” Skelker said.
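The following added example (not from Google's post or this article) shows the app side of a browser-based OAuth sign-in: the app builds an authorization URL with PKCE and a state value, hands it to the user's own browser, and validates the loopback redirect. The client ID, redirect address and function names are constructed placeholders; the endpoint is Google's documented authorization endpoint.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Google's documented OAuth 2.0 authorization endpoint.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): unpadded BASE64URL(SHA256(verifier))."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_request(client_id: str, redirect_uri: str, scope: str):
    """Return (url, state, verifier) for one sign-in attempt."""
    state = secrets.token_urlsafe(16)      # binds the redirect to this attempt
    verifier = secrets.token_urlsafe(48)   # 64 chars, inside the 43..128 range
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state, verifier

def code_from_redirect(redirect_url: str, expected_state: str) -> str:
    """Extract the authorization code from the loopback redirect, or raise."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect is not for this attempt")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("redirect carried no authorization code")
    return code

if __name__ == "__main__":
    # Constructed placeholder values; a real app uses its registered client.
    url, state, verifier = new_request(
        "example-client-id", "http://127.0.0.1:8765/callback", "openid email")
    # The app never renders this page itself: it passes the URL to the
    # system browser, e.g. webbrowser.open(url), so the address bar is visible.
    print(url)
```

The app keeps the verifier private and sends it only when exchanging the returned code for tokens, so a code intercepted in transit cannot be redeemed on its own.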
Today’s announcement comes roughly two years after Google restricted sign-ins using WebView, or browsers bundled within mobile apps. In a related development in February, Google said that it was actively testing improved phishing- and malware-filtering models within Gmail, and claimed that it’s now blocking more than 100 million more spam emails a day.
The post Google will begin to block sign-ins from embedded browser frameworks in June appeared first on Venture Beat.