>I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)

No, they just keep moving it between updates. It's still there. It just gets harder to extract.