To add some context to @slightlylate’s quoted tweet
: the issue is the `shouldInterceptRequest` method (
https://developer.android.com/reference/android/webkit/WebViewClient.html#shouldInterceptRequest(android.webkit.WebView,%20android.webkit.WebResourceRequest) …) that essentially allows any app to intercept (MITM) and rewrite traffic, even if loaded over HTTPS. Use ChromeCustomTabs, folks! Distrust WebView!https://twitter.com/slightlylate/status/1104964835362529283 …
We have aggregate stats for WebView usage, but hard to distinguish IAB usage from, e.g., ads and 1p content
-
-
Thanks. I was thinking more in terms of on-device for the user
-
Still hard to distinguish.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.