Go to OpenReview Archive homepageWebView Security Best Practices
Abstract: WebViews play a great role in mobile and desktop applications by embedding web content within native
applications. Native applications, typically written in platform-specific languages and frameworks, often share a common
backend with multiple web-based clients, like Android, iOS, Windows, and macOS. To streamline development processes and
enhance cross-platform compatibility, developers leverage WebViews as a unifying component. While WebViews offer
substantial advantages in terms of development speed, flexibility, and code reuse, they inherently introduce security
vulnerabilities if not implemented securely. Significant research has been performed on vulnerabilities in WebViews in
different platforms [1], [2], [3], [4], but there is a lack of a consolidated repository of best practices for securely
implementing WebViews. This review aims to address the gap and systematically investigates prevalent WebView security
vulnerabilities, assess their potential impact on application security and user privacy, and provide best practices. By bridging
the gap in existing literature, this work provides developers with actionable guidelines to build more resilient and secure
WebViews usage in mobile and desktop environments.
Loading