In-App browsers allow iOS app devs to steal user credentials and inject ads

One issue I see with this is custom browsers (e.g. Chrome). Since the only Apple-sanctioned way to implement a custom browser on iOS is WKWebView, there would need to be an exception for browsers. And then Facebook (and all the others) would just create their "Facebook Browser" apps, which the main app would redirect you to when you click a link.

Personally I wouldn't mind if Apple just killed off WKWebView altogether, but some people do rely on 3rd party browsers