HackApp vulnerability scanner discovered that application Text Smileys Minis ™ published at the ‘play’ market has multiple vulnerabilities.
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
Check certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
Control of WebView context allows to access local files.
All items deleted with 'file.delete()' could be recovered.
Were do they point?