Dear users, whenever an app asks you to login using Google (or most other SSO providers, like Facebook) inside of a webview in the app itself, do not do it.
The reason is simple: the app can control the webview contents, and access the account data you enter in a lot of ways, including getting you to a fake login page.
If you're using Google to log into an app, only do it using the native account authorization flow (no account data entry required). Similar thing for Facebook in some cases, and Dropbox as well.
Twitter is the notable exception here as it doesn't have a native flow. It is though still possible to send the user to the system browser, so that the identity of the SSO provider can be verified (https sign, visible url, etc).
Developers, please don't ever do this. This is not needed, secure nor a good UX.