Insecure Configuration
Why is this important?
Android mostly adheres to secure defaults, but there are ways to introduce configuration issues.
Check out this video for a high-level explanation:
Fixing Insecure Configuration
Option A: Disable Remote WebView debugging
By enabling remote WebView debugging, web contents (HTML/CSS/JavaScript) that are loaded into any WebViews can allow attackers to steal or corrupt data.
Go through the issues that GuardRails identified in the PR.
Remove the code that has this pattern:
WebView.setWebContentsDebuggingEnabled(true);
Or make sure this code is not used in production
Test it
Ship it 🚢 and relax 🌴