Security News > 2021 > March > Why it's time the Android developers rethink WebView
Even back in the early days, WebView was problematic because, with a JavaScript bridge enabled, a webpage viewed in WebView could execute code as the WebView application itself.
There's the app itself, there are the Android subsystems, there are the apps that depend on WebView, there are the developers who might make use of JavaScript, which then depends on a third-party server that may or may not use SSL properly.
Simply put, Android WebView allows apps to display web content, without having to open a web browser.
Of course, in typical Google fashion, the developers then returned WebView duties back to System WebView for Android 10 and haven't changed that behavior since.
For some Android releases, you could safely disable WebView and allow Chrome to handle those duties, but with all modern releases, you cannot.
It may be too late for Android 12, but as soon as the developers and designers start hammering out ideas for the 13th release of the platform, they're going to need to put serious time into rethinking and retooling WebView.