How can Google detect a request is from a WebView?

Question

Google announced that they \"will no longer allow OAuth requests to Google in embedded browsers known as \'web-views\'\".

In Android, requests from WebViews get

Answer 1

As others have said there is a range of Differences between the WebView and a normal browser but they are all in data sent in the headers from the browser so you can circumnavigate them.

however there is a libaray https://github.com/Valve/fingerprintjs2 so you could read though that to see the details of what they do. as it creates a device fingerprint so google could employ tack-ticks like this for there detection/

It is also possible that they could have there own Javascript running inside the WebView core code that you can't remove and they could detect it from that. so unless you wrap your own browser as a view you wont be able to circumnavigate the detection.

It is also possible like the above method that they could use the chrome:// system in hidden iframe and detect the content from it to identify E.G chrome://about-view/ and it print the hard coded User-Agent. again the only way to circumnavigate this would be to roll your own browser.

As @WilliamDenniss has said doing the header circumnavigation if they detect they could block your app and your account and as such all apps on your account and preventing you from ever publishing an app again from that account.