The WebView class is one of the most powerful classes in Android: it renders web pages like a normal browser. Applications can interact with a WebView by adding hooks, monitoring the changes being made, adding JavaScript, etc. Although this seems like a great feature, it introduces security loopholes if not used with caution. Because WebView can be customized, it creates the opportunity to break out of the sandbox and bypass the same-origin policy.
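A conservative baseline for the customization points mentioned above, shown as an added example rather than code from the linked article. The class name HardenedWebView and the host app.example.com are assumptions made for illustration; the calls are standard android.webkit APIs (API level 24 or later for this shouldOverrideUrlLoading overload).

```java
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public final class HardenedWebView {
    // Assumption: the single origin this app is meant to render.
    private static final String TRUSTED_HOST = "app.example.com";

    private HardenedWebView() {}

    public static void configure(WebView webView) {
        WebSettings s = webView.getSettings();

        // JavaScript stays off unless the rendered content really needs it.
        s.setJavaScriptEnabled(false);

        // No file:// or content:// loading from inside the WebView.
        s.setAllowFileAccess(false);
        s.setAllowContentAccess(false);

        // These two settings decide whether a page loaded from file:// may
        // read other files or any origin, i.e. step around the same-origin policy.
        s.setAllowFileAccessFromFileURLs(false);
        s.setAllowUniversalAccessFromFileURLs(false);

        // Refuse HTTP sub-resources on HTTPS pages.
        s.setMixedContentMode(WebSettings.MIXED_CONTENT_NEVER_ALLOW);

        // The hook: returning true cancels the navigation, so only the
        // trusted HTTPS origin is allowed to continue loading.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return !isTrusted(request.getUrl());
            }
        });
    }

    // The same check should be applied to any URL the app passes to loadUrl().
    static boolean isTrusted(Uri uri) {
        return uri != null
                && "https".equalsIgnoreCase(uri.getScheme())
                && TRUSTED_HOST.equalsIgnoreCase(uri.getHost());
    }
}
```

If a JavaScript bridge is required, expose it with addJavascriptInterface only to trusted content and annotate just the intended methods with @JavascriptInterface.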
More here: http://blog.opensecurityresearch.com/2014/04/secure-usage-of-android-webview.html?utm_source=twitterfeed&utm_medium=twitter&m=1