MASTG-TEST-0331: Use of Deprecated WebView APIs

Overview

In this test, we look for references to UIWebView ( WebViews), a deprecated component since iOS 12.0, in favor of WKWebView. UIWebView presents security and performance risks: it does not allow JavaScript to be fully disabled, lacks process isolation (which WKWebView provides), and doesn't support modern web security features like Content Security Policy (CSP).

Steps

1. Use Exploring the App Package to extract the relevant binaries from app package.
2. Use Static Analysis on iOS to look for the relevant APIs in the app binaries.

Observation

The output should contain a list of locations where UIWebViews are used.

Evaluation

The test case fails if any use of UIWebView is found in the app.

Best Practices

MASTG-BEST-0032: Migrate from UIWebView to WKWebView

Demos

MASTG-DEMO-0094: Use of the Deprecated UIWebView