BT

Android Developers Now Can Test WebView before It Is Released

| by Abel Avram Follow 12 Followers on Feb 17, 2015. Estimated reading time: 1 minute |

Google has made Android WebView available as a standalone application for developers willing to test it.

WebView holes make Android Chrome and many HTML5 mobile applications based on it vulnerable to various attacks putting users at risk. Rapid7 holds a database of exploits for Android and WebView, among others. Many of these security issues refer to Android versions earlier than 4.4, and, according to Rapid7, Google issued the following comment:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

While Google has been prompt in fixing security issues with Chrome for desktop, the same process was not available for Android. Even when Google made fixes available, manufacturers and even users delayed updating their mobile devices, leaving them open to attacks. With Android 5.0, Google decided to make WebView updatable through the Play Services channel. That means that Google is pushing new versions of WebView when it updates Play Services, without waiting on manufacturers or users.

Now Google has taken another step, making WebView available in advance to developers. After becoming a member of the WebView Beta Channel on Google+, developers can opt in for becoming WebView testers, and get access to Android System WebView which can be installed on Lollipop devices. In this way, developers can test and file bug reports on WebView prior to being updated through Play Services.

The first version of System WebView is based on Chrome 40 which was recently released through all channels. Notable in Chrome 40 are service workers which makes it possible to implement offline applications easier by intercepting network requests and servicing them with local or cached responses when the connection is off. The new Fetch API enables service workers to make cross-origin network requests and the Cache API lets them save the responses for later use.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss
BT