Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 78f4342f: Merge "docs: WebView security notes for apps on pre-K devices" into lmp-docs automerge: e628954 automerge: d4cf09d

Browse Source 
automerge: 63e822d

* commit '63e822df58b056e35a8a405103b53a2a033c7d33':
  docs: WebView security notes for apps on pre-K devices
This commit is contained in:
Andrew Solovay
2015-01-21 23:40:51 +00:00
committed by android-build-merger
parent 349e3b5ad1 63e822df58
commit a1838a9d78
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/html/training/articles/security-tips.jd
View File

@@ -445,7 +445,17 @@ locally. Server-side
headers like <code>no-cache</code> can also be used to indicate that an application should
not cache particular content.</p>
<p>Devices running platforms older than Android 4.4 (API level 19)
use a version of {@link android.webkit webkit} that has a number of security issues.
As a workaround, if your app is running on these devices, it
should confirm that {@link android.webkit.WebView} objects display only trusted
content. You should also use the updatable security {@link
java.security.Provider Provider} object to make sure your app isnt exposed to
potential vulnerabilities in SSL, as described in <a
href="{@docRoot}training/articles/security-gms-provider.html">Updating Your
Security Provider to Protect Against SSL Exploits</a>. If your application must
render content from the open web, consider providing your own renderer so
you can keep it up to date with the latest security patches.</p>
<h3 id="Credentials">Handling Credentials</h3>