As long as your WebView's HTML content doesn't load an external site, i.e. you control *all *the content shown in your WebView, there is no concern.
However, if you make an app that becomes popular and has a WebView that can load external/public content, then someone could examine your app, figure out what your JavaScriptnterface implements and exploit it for his or her own purposes. What exactly these vulnerabilities could be, depends entirely on your app and its JavaScriptInterface implementation. E.g. if your interface allows for the deletion of files or reading and sending of contact information, your app is much more vulnerable than when your interface only allows for a simple calculation. On Wednesday, March 27, 2013 3:59:06 AM UTC-4, Amit Sinha wrote: > > Hi, > > I am creating an android web app using Webview and Java script making > addJavascriptInterface(*true*). > > what are the thing i should be taking care so that any malicious > code should not run on my app. > > i worried about the security of my app as i am enabling > addJavascriptInterface(*true*). > > Please let me know the thing i should do in my app. > > Thanks, > Amit > > > -- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
