WebViews Allowing Access to Local Files #2615
Description
We use NowSecure for mobile app security. Based on the latest security report for our app, NowSecure considers that if the app's minSdkVersion <= 29, the value of setAllowFileAccess is True.
If the local files contain executable code or scripts, an attacker could exploit the WebView to inject and execute malicious code which could result in unauthorized access to sensitive local resources.
As the possible fix, we are suggested to specifically set setAllowFileAccess to False.
However, the official documentation suggests that the default value of setAllowFileAccess depends on app's targetSdkVersion.
Could you please check if it's a false-positive or settings setAllowFileAccess to False is the solution?