There has recently been a high profile ‘Same Origin Bypass’ security issue regarding the Android browser, prior to Android 4.4 KitKat, that allows a client session on one site to affect a client session on another. TrendLabs have just posted some information that shows that this vulnerability has wider reach than first thought. Like me, you might have thought it was only a web browser problem in that visiting one infected site can then cause problems when you visit further sites. However, as TrendLabs state…
I guess what they are getting at is that opening one infected URL followed by other uninfected URLs can compromise the security (data and behaviour) of the later sites. I urge you to think about if your Android app opens arbitrary URLs or even defined URLs, the content of which, you have no control over. Opening them into a WebView can cause unintended Javascript to be run. I have some further guidelines for using Android WebViews where I already advise not to use WebViews if your app involves processing any data that needs to remain secure.