It doesn’t matter that the website loads JavaScript code for a logged-in user, as you need a token (which the server will give you after a successful login) to authenticate to APIs. It is pretty common to do it that way.
There wasn’t a client-side API, but the API was missing crucial validation of user input (e.g. only checking the MAC address but not checking who is actually authenticated).
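
Added example, not part of the original comment and not the affected product's code: a minimal sketch of the flaw described above, next to the corrected check. The data model, function names and sample MAC addresses are assumptions made for illustration, as is the detail that the flawed handler accepts any valid token.

```python
import secrets

# Constructed sample data (hypothetical): issued tokens and device ownership.
SESSIONS = {}  # bearer token -> user id
DEVICES = {    # MAC address -> device record
    "aa:bb:cc:00:00:01": {"owner": "alice", "name": "alice-device"},
    "aa:bb:cc:00:00:02": {"owner": "bob", "name": "bob-device"},
}


def login(user):
    """Stand-in for a successful login: the server issues a random token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token


def authenticate(token):
    """Return the user the token was issued to, or None if it is unknown."""
    return SESSIONS.get(token)


def get_device_flawed(token, mac):
    """Validates the token and the MAC, but never ties one to the other."""
    if authenticate(token) is None:
        return 401, None
    device = DEVICES.get(mac.lower())
    if device is None:
        return 404, None
    return 200, device  # any logged-in user can read any device


def get_device_checked(token, mac):
    """Also requires that the authenticated user owns the device."""
    user = authenticate(token)
    if user is None:
        return 401, None
    device = DEVICES.get(mac.lower())
    # Same 404 for "unknown MAC" and "not your device", so the response
    # does not confirm which MAC addresses are registered.
    if device is None or device["owner"] != user:
        return 404, None
    return 200, device
```

The only difference between the two handlers is the ownership comparison, which is the check the comment says the API lacked.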