Worth Reading: Securely using Webkit WebViews in smartphone apps
Many smartphone apps use WebKit WebViews to quickly and easily display HTML pages, but the open source browser engine can also be used to display entire user interfaces. The security specialists at MWR InfoSecurity regularly come across simple, avoidable security problems when testing apps. Because of this, they decided to put together a compact guide on how developers can securely integrate WebViews into their apps.
They started by analysing the iOS interface via iOS UIWebView; a guide for the Android equivalent is planned to follow. The security researchers offer specific tips on areas such as how to limit sites to being loaded from a pre-approved domain and what developers need to consider when using encrypted connections via HTTPS (SSL/TLS).
- Adventures with iOS UIWebviews, a blog post from MWR InfoSecurity.
(crve)