In this chapter, we will read about lesser-known Android attack vectors, which might be useful during Android penetration tests. We will also be covering some topics like vulnerabilities in Android ad libraries and vulnerabilities in WebView implementations. As a penetration tester, this chapter will help you audit Android applications in a more effective manner, and discover some uncommon flaws.
WebView is an Android view that is used in order to display web content in an application. It uses the WebKit rendering engine in order to display web pages and other content with the
data:// protocols, which could be used to load files and data content from the filesystem. ...