Appery.io has just launched MetaCert’s Security API as a plugin, making it easy for app developers to protect their end-users from malicious links and unwanted content insider their apps (which use a WebView). While writing my story for journalists and bloggers I thought I’d simplify my definition of ‘WebView’ for the purpose of making the story a little easier to comprehend for non-developers. I’ll write more about our new partnership shortly.
I Googled “What is a WebView” and got the following definition:
A “webview” is a browser bundled inside of a mobile application producing what is called a hybrid app. Using a webview allows mobile apps to be built using Web technologies (HTML, JavaScript, CSS, etc.) but still package it as a native app and put it in the app store. The Google search picks up Steve Souders’ definition here.
This is technically inaccurate. It’s half-true. WebView isn’t just used by hybrid apps. It’s also used by native apps. So technically, a WebView isn’t “a browser bundled inside of a mobile application producing what is called a hybrid app“.
So, what is a WebView?
A WebView is a file library provided by companies like Apple and Google to make it possible for developers to display web content inside native apps. By displaying web content inside an app, it helps improve the overall user experience as it means end-users don’t need to close the app in order to open a link with a native browser. The WebView can also be used to display something like a terms and conditions page – allowing developers to update the page without having to update the app.
I’m very confident that Google and Apple didn’t foresee how WebView would be used today. That’s probably why it has so many security vulnerabilities. With the advancement of web technologies such as HTML and CSS, developers are now building what’s called hybrid apps. Hybrid apps are usually built instead of native apps because you only need to build one version of the app and it will work across most mobile operating systems. So it’s faster and cheaper to build a hybrid app than it is to build a native app.
In order to build a hybrid app, developers must use a WebView. The WebView acts like a framework for the app.
Also…
While it is possible to add features such as pinch-to-zoom, share and go back through your history to a WebView, it’s not possible to conduct an open search of the Web and it’s not possible to do many of the other things that you use a ‘browser’ for. I would say, a WebView has some browser-like capability, but I wouldn’t call it a “browser bundled inside a mobile application”.
If you you found this post interesting, you may want to read a post I wrote about how WebView has weakened the TCB of the Web infrastructure.