Do you use WebViews in your Android app? If you say ‘no’, are you sure? What about 3rd party libraries/SDKs that you have included? Many such as ad libraries, Facebook and LinkedIn use WebViews.
I have some suggestions for tightening up WebView security. However, some of the suggestions might limit the functionality required of your WebViews. Also, it’s difficult to apply these suggestions to 3rd party SDKs, especially when you don’t have the source code.
For apps, for example banking and payment apps, that deal with sensitive data and really have to be secure, I’d think deeply if you really need to be using WebViews or 3rd party SDKs incorporating WebViews.