Although there's a lot of vulnerabilities regarding the use of embedded browsers, they are still widely used and sometimes required in specific use cases. Before using embedded browsers, just be aware of the vulnerabilities described in RFC 8252 and make sure that you can't use in-app browser
tabs as an alternative. For Android, you can use the Custom
tabs feature that is described by the official documentation at https://developer.chrome.com/multidevice/android/customtabs. This recipe presents you with how to use embedded browsers (Android WebView) using the Implicit grant type just for brevity purposes.
Note
As an advice, useWebView
judiciously because of issues mentioned in OAuth 2.0 for native apps specification (RFC 8252).
Remember to use the Authorization Code grant type if you are developing a production application.