Good Idea, Flawed Execution
Prior to iOS 11, developers could leverage SFSafariViewController to interact with Safari in app view a remote view controller for authentication. However, because this is a view controller, it can be hidden from the user. As a result, malicious actors abused this API to track end users without their consent. Apple’s strategy to combat this was to limit the data sharing capabilities of this API to only the app (i.e. creating a sandbox)....