[ubercow13]

This is a poor rebuttal.

>Mobile applications should be using the system browser, not a WebView

Maybe honest ones, however there is no reason a dishonest app that is trying to steal your Google account should stick to best practices.

>I can also make an application which opens an OAuth page to a fake-google.com which looks exactly like Google

You have ignored the part about bypassing Google's IP and location based fraud detection. Your idea wouldn't work.