Relatedly, be very careful which apps with "native browsers" you enter 3rd party credentials into. For example if you install an app and it opens a WebView with the google login screen, the app can read and write any arbitrary content to and from the DOM in the WebView.<p>Not sure about android but this is definitely possible on iOS.