Security updates for in-app browser coming with Android O

Android O

Android’s in-app browser, WebView, is getting some necessary security updates with Android O.

The micro browser, which often pops up when you open a link inside an app, is an extremely convenient method of checking out web pages without having to commit to the full browser, but is also less secure than the full browser.

One of the main issues, notes Xiaowen Xin and Renu Chaudhary on the Android Developer Blog, is the amount of untrusted external content WebView has to process, making it vulnerable to processing potentially malformed content.

To address this concern, Android O will come with two WebView updates that protect against malicious content.

Firstly, Google is incorporating Google’s Safe Browsing feature into WebView, allowing the micro browser to check URLs against a malware and phishing database and display a warning message before users visit a dangerous site. Implementation of that change is simple for developers, with Google providing a single line of manifest code in the blog post.

Google is also sandboxing the WebView renderer, which means isolating it in a separate environment so that if security issues occur, those issues will not spread to other areas of the host app.

The WebView updates come alongside many other changes due in Android O, most of which — like the in-app browser upgrade — are incremental but solve significant issues.

Source: Android Developers Blog