Avoid granting file access privileges to web views.
Web views are containers for regular web pages, and as such have very similar considerations for security.
setAllowContentAccess() methods must not be called with
true as an argument.
WebView webView = someView.findViewById(R.id.some_web_view); webView.getSettings().setAllowFileAccess(true); webView.getSettings().setAllowContentAccess(true);