EDIT: Saw a few mention two solutions to disable the automatic verification on iOS & macOS.
https://blog.cloudflare.com/how-to-enable-private-access-tok...
1. Someone could set up a server that proxies WEI required requests to regular clients. The client initiates the process, the request goes to the middleman, the middleman makes the proper WEI authorized request, gets the response, passes the response back to the client.
2. The private key could leak somehow, and so, software can forge the required signature.
I'm not holding my breath for either one. Some kind of regulation has to step in, otherwise Google puts the internet in a chokehold.