1. 7

  2. 3

    In order for the fix to be enabled, the code calling addJavascriptInterface must be compiled against API 17 or above – that is, you must target Android 4.2 or later.

    Yikes! Sadly this means anyone making the business decision to target older devices leaves their app vulnerable even on modern devices. (I don’t think version splitting is popular on Android, is it?)

    1. 2

      I don’t develop anything super complex on Android, but I always just set my targetSDK setting to the current highest API level. I’ve never come across anything where this has created a backwards compatibility issue. As long as you don’t actually use any new API features (which IntelliJ will warn you about), old devices can use your app fine. So I suspect that most vulnerable apps in their search could fix the problem by bumping their targetSDK version and recompiling.

      I’d be interested in hearing about any common issues caused by just always using the latest targetSDK.
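
A check for the condition quoted in this thread, as an added example that is not part of the original comments: it reads a project's declared target API level and lists `addJavascriptInterface` call sites when that level is below 17. The file names, sample contents and regular expressions are constructed for illustration, and an undeclared target is treated as below the threshold, which is an assumption of this sketch.

```python
import re

# Threshold quoted in the thread: the fix is enabled only when targeting API 17+.
FIXED_API_LEVEL = 17

# Gradle forms: `targetSdkVersion 16`, `targetSdkVersion = 16`, `targetSdk = 16`
GRADLE_TARGET = re.compile(r'\btargetSdk(?:Version)?\s*=?\s*(\d+)')
# Manifest form: android:targetSdkVersion="16"
MANIFEST_TARGET = re.compile(r'android:targetSdkVersion\s*=\s*"(\d+)"')
BRIDGE_CALL = re.compile(r'\.addJavascriptInterface\s*\(')


def target_sdk(build_text):
    """Return the declared target API level, or None if none is declared."""
    for pattern in (GRADLE_TARGET, MANIFEST_TARGET):
        match = pattern.search(build_text)
        if match:
            return int(match.group(1))
    return None


def audit(build_text, sources):
    """Return (path, line_no) for each bridge call in a build targeting below API 17.

    sources maps a file path to its text. An undeclared target is reported
    as well (assumption of this sketch: unknown means not fixed).
    """
    target = target_sdk(build_text)
    if target is not None and target >= FIXED_API_LEVEL:
        return []
    findings = []
    for path, text in sorted(sources.items()):
        for line_no, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith("//"):  # skip commented-out calls
                continue
            if BRIDGE_CALL.search(line):
                findings.append((path, line_no))
    return findings


# Constructed sample inputs (not taken from any real project).
SAMPLE_GRADLE_OLD = "android {\n  defaultConfig {\n    minSdkVersion 8\n    targetSdkVersion 16\n  }\n}\n"
SAMPLE_GRADLE_NEW = SAMPLE_GRADLE_OLD.replace("targetSdkVersion 16", "targetSdkVersion 17")
SAMPLE_SOURCES = {
    "MainActivity.java": 'web.getSettings().setJavaScriptEnabled(true);\n'
                         '// web.addJavascriptInterface(old, "x");\n'
                         'web.addJavascriptInterface(new Bridge(), "bridge");\n',
}

if __name__ == "__main__":
    print(audit(SAMPLE_GRADLE_OLD, SAMPLE_SOURCES))
```
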