Are there any recent changes that moved app_webview to /data/data/<package name>/ in Android 4.4.2? It looks like many files generated under this have a Unix permission of 644, which is readable by any app on the device. Some of the information looks to be privacy/security related, such as session tokens, etc. This is not the case for anything before API level 19.
