WebView is popularly used across nearly all major mobile platforms. It essentially lets mobile apps display data from other resources so that the data request is performed seamlessly and the requested data is automatically displayed. However, it has now been discovered that WebView on Android contains a critical vulnerability.
To be able to display content from external resources, WebView makes use of multiple APIs. These APIs are used to interact with the web content when viewed through WebView. However, it can also be used to view a web application, rather than a simple piece of content.
A potential hacker may use this vulnerability to lure a user into clicking a compromised URL. Once the user clicks on the said URL, it allows WebView to open a web page on which Java has been enabled. This is where the hacker gets the chance to install malicious apps or steal data from the user’s smartphone.
This can especially be true if a user downloads Android apps outside of Google Play. Third-party apps hosted on other sites may often contain malware which can sneak into your smartphone and then either steal away your personal information or perform other malicious activities.
The vulnerability is apparently applicable to even the recent versions of Android. But given that Google has packed better security features in Android 4.2, you should upgrade to it. Moreover, you should try not to click any suspicious links, especially the ones that lead you to Java-enabled pages.