WebView attacks

WebView is a view that allows an application to load web pages within it. Internally it uses web rendering engines such as Webkit. The Webkit rendering engine was used prior to Android version 4.4 to load these web pages. On the latest versions (after 4.4) of Android, it is done using Chromium. When an application uses a WebView, it is run within the context of the application, which has loaded the WebView. To load external web pages from the Internet, the application requires INTERNET permission in its AndroidManifest.xml file:

<uses-permission android:name="android.permission.INTERNET"></uses-permission>

Using WebView in an Android app may pose different risks to the application depending upon the mistakes the developers make. ...

Get Penetration Testing: A Survival Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.