If I open arbitrary urls in my ios application, will I have to do my own malware/phishing/etc... checks? Does the webview (implicitly) do any work on my behalf (or would i have to switch a setting somewhere?)?
Asked
Active
Viewed 276 times
10
-
2http://www.slideshare.net/lpilorz/webview-security-on-ios-en – Vrashabh Irde May 06 '15 at 06:22
2 Answers
4
In short: no.
UIWebView only has some restricts about javascript same-origin policy, and iOS has it's own SSL Certificates Validation (TLS Chain Validation) which can help UIWebView a little bit safe.
If you want to check malware, phisinng, ... you're free to do it.
lambao
- 458
- 1
- 3
- 9
1
No, it uses Webkit under the hood, which does not check for malwares, but it may give you only hints on expired certificates, self-signed certificates or invalid ones.
You should implement a request filter, which performs better SSL checks for valid certificates and uses some third-party anti-malware / dangerous domains and keep them out. In that case, you just ignore "that" request.
madduci
- 2,635
- 1
- 32
- 51