
Android Developers Now Can Test WebView before It Is Released


Google has made Android WebView available as a standalone application for developers willing to test it.

Holes in WebView leave Android Chrome and the many HTML5 mobile applications based on it vulnerable to various attacks, putting users at risk. Rapid7 maintains a database of exploits for Android and WebView, among others. Many of these security issues affect Android versions earlier than 4.4, and, according to Rapid7, Google issued the following comment:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

While Google has been prompt in fixing security issues with Chrome for desktop, the same process was not available for Android. Even when Google made fixes available, manufacturers and even users delayed updating their mobile devices, leaving them open to attacks. With Android 5.0, Google decided to make WebView updatable through the Play Services channel. That means that Google is pushing new versions of WebView when it updates Play Services, without waiting on manufacturers or users.

Now Google has taken another step, making WebView available in advance to developers. After becoming a member of the WebView Beta Channel on Google+, developers can opt in to become WebView testers and get access to Android System WebView, which can be installed on Lollipop devices. In this way, developers can test WebView and file bug reports on it before it is updated through Play Services.

The first version of System WebView is based on Chrome 40, which was recently released through all channels. Notable in Chrome 40 are service workers, which make it easier to implement offline applications by intercepting network requests and servicing them with local or cached responses when the connection is off. The new Fetch API enables service workers to make cross-origin network requests, and the Cache API lets them save the responses for later use.
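The version boundaries above (no Google-developed patches before 4.4, an updatable WebView from 5.0, service workers from Chrome 40) can be turned into a fleet triage check over the User-Agent headers a hybrid app's backend receives. This is an added example, not code from InfoQ or Google; the function names, tier labels and sample headers are assumptions made for illustration, and the `wv` token is the marker Lollipop's WebView places in its User-Agent.

```javascript
// Added example, not InfoQ or Google code. Groups a hybrid app's clients by how
// their WebView receives security fixes, using the User-Agent header.
// Assumption: requests come from the app's own WebView and the header is not
// spoofed, so use this for fleet triage, not as an access-control decision.
function classifyWebView(ua) {
  const os = /Android (\d+)(?:\.(\d+))?/.exec(ua);
  if (!os) return { tier: 'not-android', chromeMajor: null, serviceWorkers: false };
  const major = Number(os[1]);
  const minor = Number(os[2] || 0);
  const chrome = /Chrome\/(\d+)\./.exec(ua);
  const chromeMajor = chrome ? Number(chrome[1]) : null;

  let tier;
  if (major < 4 || (major === 4 && minor < 4)) {
    tier = 'pre-4.4-unpatched';          // quoted policy: generally no Google-developed patches
  } else if (major === 4) {
    tier = 'firmware-bundled';           // 4.4: WebView fixes arrive only with an OS update
  } else if (/;\s*wv\)/.test(ua)) {
    tier = 'updatable';                  // 5.0+: WebView updated outside firmware releases
  } else {
    tier = 'android-browser-or-unknown'; // 5.0+ without the WebView "wv" token
  }
  // Service workers arrived with Chrome 40, so only an updatable WebView at 40+ has them.
  const serviceWorkers = tier === 'updatable' && chromeMajor !== null && chromeMajor >= 40;
  return { tier, chromeMajor, serviceWorkers };
}

// Count clients per tier so the unpatched share of the install base is visible.
function tally(userAgents) {
  const counts = {};
  for (const ua of userAgents) {
    const { tier } = classifyWebView(ua);
    counts[tier] = (counts[tier] || 0) + 1;
  }
  return counts;
}

// Constructed sample headers in the WebView User-Agent layout (not captured traffic).
const SAMPLE_UAS = [
  'Mozilla/5.0 (Linux; U; Android 4.1.1; en-gb; Build/SAMPLE) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30',
  'Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/SAMPLE) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36',
  'Mozilla/5.0 (Linux; Android 5.0; Nexus 5 Build/SAMPLE; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/40.0.2214.89 Mobile Safari/537.36',
  'Mozilla/5.0 (Linux; Android 5.0; Nexus 5 Build/SAMPLE; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36',
];

console.log(tally(SAMPLE_UAS));
```

Clients that land in the `pre-4.4-unpatched` tier are the ones the quoted policy leaves dependent on OEM or third-party patches, so their count is the figure to track when deciding which Android versions an app keeps supporting.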
