Android Apk Javascript Enabled Without Clear Cache

Description

Detects Android WebView configurations where JavaScript is enabled but the cache is not properly cleared between sessions. This can expose sensitive JavaScript data to unauthorized access and potentially lead to information disclosure or session hijacking vulnerabilities.

Weakness:

268 - Insecure service configuration - Webview

Category: Functionality Abuse

Detection Strategy

• Identifies WebView instances in the application code where setJavaScriptEnabled(true) is called

• Checks if clearCache() method is not called in conjunction with JavaScript enabling

• Reports a vulnerability when a WebView has JavaScript enabled without proper cache clearing mechanisms

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.