-
To add some context to @slightlylate’s quoted tweet ⤵️: the issue is theOn twitter.com
shouldInterceptRequestmethod ( developer.android.com/reference/android/webkit/WebViewClient.html#shouldInterceptRequest(android.webkit.WebView,%20android.webkit.WebResourceRequest)) that essentially allows any app to intercept (MITM) and rewrite traffic, even if loaded over HTTPS. Use ChromeCustomTabs, folks! Distrust WebView! x.com/slightlylate/status/1104964835362529283♻️ 16 Retweets ❤️ 33 Favorites Mood -3 🙁