Client impersonation in an OAuth application with implicit grant

From the OAuth specification, implicit grant section:

When issuing an access token during an implicit grant flow, the authorization server does not authenticate the client.

Now suppose the following:

  • I have an application for Android or iOS.
  • I use the OAuth implicit grant to get an access token for some resource. This happens through the web view.
  • A user has allowed my application to use a resource. It means:
    • They are authenticated in the original service that holds the resource.
    • And the web view will contain that session.
  • There is a malicious Android or iOS application trying to get an access token using the same client_id that I use in my application (client impersonation). It also has the same redirect_uri, which in native applications may look like fb://blabla.
  • As I understand it, this malicious application can get an access token that originally belongs to my client_id, also using the web view. This is because the user is not even aware of which client_id is mine, because of 3.1 and 3.2.
  • It can do harmful things with that token, on top of the rate limits (at several providers, such as FB and Twitter) that my client will be pushed into because of the excessive use.

Is there any way to prevent this?

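To make the asker's point concrete, here is an added toy model that is not part of the original post or of any real OAuth provider's code. It models an authorization server with one registered public client (the `app123` / `myapp://callback` pair, the `ToyAuthServer` class and all function names are constructed for this illustration). Under the implicit grant the server can only check public, registered values, so a second app presenting the same `client_id` and `redirect_uri` receives a token just as the legitimate one does. The same model then shows the standard mitigation for public clients, the authorization code grant with PKCE (RFC 7636): the app that starts the flow keeps a random `code_verifier` in memory and sends only its SHA-256 `code_challenge`, so an app that merely catches the redirect on the shared custom scheme cannot redeem the code.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlsplit


def pkce_challenge(verifier: str) -> str:
    """S256 transform from RFC 7636: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class ToyAuthServer:
    """Minimal stand-in for an authorization server (constructed for this example)."""

    def __init__(self):
        # One registered public client; the values are made up.
        self.clients = {"app123": "myapp://callback"}
        self.codes = {}       # authorization code -> (client_id, code_challenge)
        self.tokens = set()   # every access token this server has issued

    def _check_registration(self, client_id, redirect_uri):
        if self.clients.get(client_id) != redirect_uri:
            raise PermissionError("unregistered client_id / redirect_uri pair")

    def implicit_authorize(self, client_id, redirect_uri):
        # Implicit grant: everything the server can check is public knowledge,
        # so any installed app that presents the registered pair gets a token.
        self._check_registration(client_id, redirect_uri)
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return f"{redirect_uri}#access_token={token}"

    def code_authorize(self, client_id, redirect_uri, code_challenge):
        # Authorization code grant with PKCE: the challenge is stored with the code.
        self._check_registration(client_id, redirect_uri)
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, code_challenge)
        return f"{redirect_uri}?code={code}"

    def exchange_code(self, client_id, code, code_verifier):
        # The code is consumed on any attempt, so an intercepted code cannot be replayed.
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            raise PermissionError("unknown, reused or mismatched code")
        if pkce_challenge(code_verifier) != entry[1]:
            raise PermissionError("code_verifier does not match the stored code_challenge")
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return token


def token_from_fragment(url: str) -> str:
    return parse_qs(urlsplit(url).fragment)["access_token"][0]


def code_from_query(url: str) -> str:
    return parse_qs(urlsplit(url).query)["code"][0]


def implicit_both_apps_get_tokens() -> bool:
    """Legitimate app and impostor send identical public parameters; both succeed."""
    server = ToyAuthServer()
    mine = server.implicit_authorize("app123", "myapp://callback")
    impostor = server.implicit_authorize("app123", "myapp://callback")
    return (token_from_fragment(mine) in server.tokens
            and token_from_fragment(impostor) in server.tokens)


def pkce_impostor_rejected() -> bool:
    """An app that only sees the redirect (shared custom scheme) cannot redeem the code."""
    server = ToyAuthServer()
    verifier = secrets.token_urlsafe(32)  # lives only in the legitimate app's memory
    redirect = server.code_authorize("app123", "myapp://callback", pkce_challenge(verifier))
    code = code_from_query(redirect)
    try:
        server.exchange_code("app123", code, secrets.token_urlsafe(32))  # wrong verifier
        return False
    except PermissionError:
        return True


def pkce_legitimate_app_succeeds() -> bool:
    """The app holding the original verifier completes the exchange normally."""
    server = ToyAuthServer()
    verifier = secrets.token_urlsafe(32)
    redirect = server.code_authorize("app123", "myapp://callback", pkce_challenge(verifier))
    token = server.exchange_code("app123", code_from_query(redirect), verifier)
    return token in server.tokens
```

The point the model makes is the one in the quoted sentence: with the implicit grant the server never learns which app is behind a request, so the `client_id` and `redirect_uri` of a native app give no protection. PKCE does not authenticate the client either, but it ties the issued token to the process that generated the verifier, which is the property the question is asking for.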

:

, , , .

, . , , clientId, , .


, . , ( ), , / - .

, , , , " ", , 2 URL ( URI ), , ...


Source: https://habr.com/ru/post/1679010/
