Android System WebView is a system component that allows Android apps to display web content without opening a full browser. It is powered by the Chromium open-source project, the same technology that powers the Chrome browser.
WebView has been an integral part of Android for many years. Prior to Android 5.0 Lollipop, it was bundled as part of the core Android operating system. This meant it could only be updated as part of a full OS update from the device manufacturer. However, Google decided to decouple it from the OS starting with Android 5.0, so it could be updated independently via the Play Store. This allows for more frequent security and bug fix updates.
Contents
How WebView Works
WebView is based on the Chromium open-source project, the same platform that powers the Chrome browser. It uses the Chromium rendering engine to display webpages.
When an Android app needs to display a web page, it has two options:
- Launch the default browser on the device (such as Chrome)
- Use a WebView within the app itself
Using a WebView allows the app to display web content without leaving the app, providing a more seamless experience for users.
Here is how it works under the hood:
- The app developer adds the WebView component to the app’s layout
- When needed, the app creates a WebView instance and loads a URL into it
- The WebView renders the web content using the Chromium engine
- The user interacts with the web content directly within the app
From the user’s perspective, it looks like any web content loaded within the app itself. The WebView offers standard browser abilities like executing JavaScript, managing cookies, and maintaining browsing history.
Why Do Apps Use WebView?
There are several reasons why apps use WebView rather than launching a browser:
- Retain users within the app: Opening a browser would take users out of the app experience. WebView allows showing webpages within the app itself.
- Customizable experience: Apps can apply their own styling and branding to WebView. This allows webpages to blend into the app’s look and feel.
- Interactivity: WebView allows two-way interaction between the app and web content through JavaScript interfaces.
- Speed: WebView can cache web content for faster loading within apps.
- Security: Apps can apply additional security policies like SSL pinning on WebView.
Overall, WebView provides apps more control over the web experience compared to launching a browser. It improves speed and seamlessness.
What Are Use Cases of WebView
Here are some examples of how Android apps utilize WebViews:
- In-app browsers – Apps like Facebook and Twitter use WebView instead of launching the full browser when opening links. This provides a smoother in-app browsing experience.
- Web apps – Some apps are built using web technologies that run inside a WebView container instead of natively. This can allow faster cross-platform development.
- Logins/payments – Apps may use WebView to handle the login/payment flow via a web UI while keeping the user within the app itself.
- Ads – Many apps display web-based ads contained within a WebView.
- Hybrid Apps – Native apps with embedded WebView content are known as hybrid apps, allowing developers to leverage web code.
So, WebView powers web-connected features across a wide variety of Android apps without needing to open a separate browser.
WebView Security
Allowing apps to render web content has security implications. If not configured properly, WebView could be exploited by malicious apps to steal sensitive information or perform phishing attacks.
Fortunately, later versions of Android and WebView have more locking down of insecure options by default, including:
- JavaScript is disabled
- File access is blocked
- Strict transport security (HTTPS) is enforced for all requests
In addition, WebView now runs inside an isolated sandboxed process on Android 8.0 and above. This protects the rest of the app and the OS from potential WebView crashes or exploits.
Of course, app developers can override the default settings, so users should be careful when entering sensitive information into a WebView.
Key Differences Between WebView and Chrome
While WebView and Chrome share the same Chromium foundations, there are some key differences:
- Purpose: WebView is meant for web content within apps. Chrome is a full-featured browser.
- Features: WebView has limited features compared to Chrome.
- Updatability: WebView updates come from Play Store. Chrome updates come from Google.
- Data: WebView and Chrome have separate data storage and do not share browsing data, cookies, etc.
- Customization: Apps can customize WebView appearance and behavior. Chrome offers limited customization.
Conclusion
Android System WebView allows apps to integrate web content seamlessly while retaining user experience within the app itself. It is a key Android component that improves app functionality. While apps can weaken its security, responsible use of WebView by developers can make apps more feature-rich without compromising user security.