Overcoming Insecurities in WebViews

July 21, 2025 34 min Free
Droidcon - Droidcon London 2024
Balázs Gerlei
android webview security javascript mobile-development app-security remote-debugging cleartext-traffic hsts file-access content-providers cookies

Description

This talk addresses the security vulnerabilities and misconfigurations commonly found in Android WebViews. Balázs Gerlei explores various security issues, including breakout vulnerabilities, cleartext traffic, file access, content provider access, and cookie management. The presentation emphasizes best practices for securing WebViews, such as proper configuration, restricting URI loading, and utilizing alternative solutions like Custom Tabs.

Back to Home