WebView

As part of the Android, Google ships WebView, which is used to render HTML, CSS, and JavaScript. This is one of the standard views in Android (some others being TextView, EditText, Spinner, and ImageView). Privacy Browser uses WebView to render websites. If you do not have WebView on your system, Privacy Browser will crash when it starts.

WebView is released under a mix of LGPL and variations of the BSD licenses, and is currently built from the same codebase as Google’s Chromium project. It uses the Blink rendering engine and the V8 JavaScript engine. Because there are frequent security issues with WebView that need to be patched in a timely manner, beginning in Android 5.0 Google redesigned how Android handled WebView so that it could be updated via an APK through the Google Play Store.  When an update is installed, Android uses it instead of whatever version shipped with the ROM. As far as I know this is the only one of Android’s views than can be updated in this way.

Beginning in Android 7, Google allows the Chrome APK to replace the WebView APK (they are built from the same codebase). If Chrome is installed, WebView will automatically be disabled. If Chrome is uninstalled, WebView will be re-enabled and can receive updates from Google Play.

From time to time I am contacted by someone who is having problems with Privacy Browser because they don’t have a functioning WebView on their system. Usually these are people with root access to their devices who have manually remove a bunch of Google software because they don’t like Google spying on them (a worthy endeavor). Typically they don’t realize the WebView is fully open source and a part of Android in a way that Google Play Service, Gmail, Google Photos, and other closed source Google apps are not.

To restore WebView you can use Yalp or Aurora to download the Android System WebView APK. Bromium also provides a fork of Android’s WebView called SystemWebView that might be worth trying. SystemWebView is open source, but I have not spent the time to inspect their code myself and users are advised to do their own research before deciding whether to trust them.

As part of Privacy Browser’s 4.x series, I am planning to create my own fork of WebView called Privacy WebView. This will allow greater control over JavaScript, cookies, DOM storage, browser fingerprinting, and other privacy features that currently cannot be controlled with Android’s WebView.