iOS can do this too. But most developers use in-app web views to try and make it slightly nicer for their users. It's too late to demand that oAuth always go to the native browser. You use oAuth apps, chances are you're using an embedded view that you're taking on trust.