WebView has always been that component in Android apps that show HTML content when needed. This is one capability of your mobile apps to present pages in web format that is easier to access and read. Through the years, a number of applications have relied on WebView. A couple of years ago, a new version was tested and then released. Chrome apps for mobile even got the Chromium WebView version.
WebView was even made better when Android Lollipop rolled out when it included numerous bug fixes, Chromium updates, and new web platform APIs. This time, WebView becomes more secure than ever as the risk of untrusted content increases. Web content is one way that spammers and hackers can attack an app or a device.
To prevent such from happening, Android developers are working on enhancements to this function to ensure important fixes are delivered to the end users. For improved security in Android O, the renderer process will now be isolated in Android O. When the new platform version rolls out, WebView will be separated from the host app. It will allow isolation that is already being used by some apps. Two levels of isolation will be provided.
This separation of processes will insulate the host apps from possible crashes and bugs. This also makes it difficult for an attacker to get in. A renderer process is now run inside an isolated process sandbox. This step sets restrictions to a limited set of resources as described. There’s the seccomp filter included that can bring down the number of system calls.
For safer browsing, Google’s Safe Browsing has been incorporated with WebView. This way, users can be warned, if a website is possibly dangerous. The Safe Browsing database will be searched if a URL is listed to be potentially unsafe.
If you are an ordinary mobile user, note that Safe Browsing for WebView is ready on Android 5.0 devices and above.
Safe Browsing is already available on Chrome but with this round of update, it’s now ready in WebView on Android. If you are a developer, feel free to enable this feature for WebView by adding this manifest tag.
Copy from HERE
SOURCE: Android Developers Blog
