Configuration Management / Webview Remote Debugging Enabled
Webview Remote Debugging Enabled is a high risk vulnerability, as it can allow attackers to access sensitive data on the device. This can lead to data leaks, tampering of information, or the execution of arbitrary code. Additionally, the vulnerability can be difficult to detect, as it requires manual testing in order to identify.
To mitigate the risk of Webview Remote Debugging Enabled, the bridge must be disabled. This can be done using the
WebView.setWebContentsDebuggingEnabled(false); method. This should be added to the app's code, and the app should be tested to ensure that the bridge is successfully disabled.
The following code can be used to disable the bridge: