Detailed explanation and examples of SSL warning processing on Android WebView

Detailed explanation of SSL warning processing on Android WebView

preface:

Due to the security vulnerabilities reported on Google pay recently, SSL warning.com needs to be handled

Safety reminder

The implementation of the webviewclient.onreceivedsslerror handler in your application is very insecure. Specifically, this implementation will ignore all SSL certificate validation errors, making your application vulnerable to man in the middle attacks. An attacker may change the affected WebView content, read the transmitted data (such as login credentials), and execute code using JavaScript in the application.

To properly handle SSL certificate validation, change your code to call sslerrorhandler. Processed() when the certificate provided by the server meets your expectations, otherwise call sslerrorhandler. Cancel(). The system has sent an email reminder to your developer account address, listing the affected applications and classes.

Therefore, I checked the warning handling method of accessing the URL of SSL Protocol on the relevant WebView.

In fact, the general meaning is that when the client handles the SSL error returned by the HTTPS link, it should not pass directly without thinking. It needs to pop up a friendly dialog box on the client to let the user make a choice.

Then add the following code:

Thank you for reading, hope to help you, thank you for your support to this site!