Introducing My Webview App Opensoure for Android

/ Coding, Design, From the Developers, Native Apps
Introducing My Webview App: A Secure, Open-Source Foundation for Android Development

Today, we’re excited to announce the official open-source release of My Webview App, a powerful and feature-rich Android application framework that serves as the foundation for MYETV‘s official platform- [Platform: the set of the main domain and all the subdomain of a particular website; also the computer architecture and equipment using a particular operating system] - applications. This project represents months of development, rigorous security testing, and community feedback, and we’re thrilled to share it with developers worldwide.

🔗 GitHub Repository: https://github.com/OskarCosimo/my-webview-app/

What Is My Webview App?

My Webview App is a comprehensive Android application template built with Java and Android Studio. It bridges the gap between web and mobile applications by providing a sophisticated WebView implementation with extensive customization options, robust security features, and seamless integration with modern web technologies.

Unlike basic WebView wrappers, My Webview App offers a production-ready solution with enterprise-grade features including:

  • 🌐 Flexible Content- [Contents: every content intended as text, images, audio or video] - Loading – Support for both internet-based URLs and offline local HTML content
  • 🔔 Firebase Cloud Messaging Integration – Native push notification support
  • 📱 QR Code Scanner – Built-in camera-based QR scanning capabilities
  • 🌍 Multilingual Support – Pre-translated into 20+ languages
  • 🎨 Extensive Customization – Fine-grained control over appearance, behavior, and security policies
  • 🔒 Advanced Security Features – HTTPS enforcement, domain whitelisting, and SSL validation

The MYETV Connection

This isn’t just a side project My Webview App is the same codebase that powers MYETV‘s official Android applications. When you use MYETV‘s mobile apps to stream content, manage your account- [Account: an Account contains the personal information that is assigned to those who register and access with email and password] - , or interact with our platform, you’re experiencing this framework in action. By open-sourcing this project, we’re giving back to the developer community that has supported us while maintaining transparency about our technology stack.

Understanding the Apache 2.0 License- [License: a permit from an authority to own or use something, do a particular thing, or carry on a trade] -

My Webview App is released under the Apache License 2.0, one of the most popular and developer-friendly open-source licenses available. But what does this actually mean for you as a developer?

What the Apache 2.0 License Allows

The Apache 2.0 license is classified as a permissive license, which means it grants you maximum freedom with minimal restrictions. Specifically, you can:

  • Commercial Use – Use the code in commercial products and proprietary software- [Program/Software: the instructions that control what a computer does; computer programs] - without paying licensing fees
  • Modification – Freely modify the source code to fit your specific needs
  • Distribution – Share the original or modified code with others
  • Private Use – Use and modify the software privately without any obligation to share your changes
  • Patent Grant – Receive explicit patent rights from contributors, protecting you from patent litigation

Simple Requirements

The Apache 2.0 license has only a few basic requirements:

  1. Include the License – You must include a copy of the Apache 2.0 license text in any distribution
  2. State Changes – If you modify the code, you must document what was changed
  3. Preserve Notices – Keep all copyright, patent, trademark- [Trademark: a name or symbol on a product that shows it was made by a particular company, and that it cannot be used by other companies without permission] - , and attribution notices from the original code
  4. No Trademark Use – You cannot use Apache or MYETV trademarks without permission

Why We Chose Apache 2.0

Unlike more restrictive copyleft licenses (like GPL), Apache 2.0 doesn’t require you to release your modifications under the same license. This means you can build proprietary applications using My Webview App without any obligation to open-source your entire project. We believe this flexibility encourages wider adoption and allows developers to build commercial products while still benefiting from open-source collaboration.

The explicit patent grant is another crucial feature it provides legal protection against patent claims from contributors, giving you confidence that using this code won’t expose you to unexpected legal issues.

Security: Our Top Priority

When it comes to WebView applications, security isn’t optional, it’s fundamental. WebView implementations can potentially expose users to web-based attacks like Cross-Site Scripting (XSS), malicious redirects, and data theft if not properly secured. That’s why we’ve implemented multiple layers of security throughout My Webview App.

1. HTTPS Enforcement and SSL Validation

My Webview App includes configurable HTTPS enforcement that can be enabled to reject all HTTP connections, ensuring that all data transmission is encrypted. The app also implements comprehensive SSL certificate validation with custom error handling:

  • Certificate Chain Validation – Verifies the entire SSL certificate chain
  • Expiration Checking – Warns users about expired certificates
  • Self-Signed Certificate Detection – Identifies and blocks untrusted self-signed certificates
  • User Warnings – Displays detailed security warnings before loading insecure content

This multi-layered approach ensures that users are always aware of connection security and can make informed decisions about proceeding with potentially unsafe connections.

2. Domain Whitelisting and URL Filtering

One of the most powerful security features is the three-tier domain control system:

  • Allowed Domains – Only URLs from whitelisted domains load in the main WebView. All other domains either open in a secondary contained browser or are blocked entirely
  • Special URL Authorized Domains – Restricts which domains can trigger special app functions (like closing the app, opening the QR scanner, or enabling Do Not Disturb mode). This prevents malicious websites from hijacking app functionality
  • Secondary WebView Domains – External domains that always open in a restricted secondary browser with limited permissions

This architecture ensures that untrusted content is always sandboxed and cannot compromise the main application.

3. Google Safe Browsing Integration

My Webview App integrates Google’s Safe Browsing API, which provides real-time protection against phishing sites, malware distribution, and other web-based threats. When enabled, Safe Browsing automatically analyzes URLs and warns users before they navigate to dangerous websites.

This feature is particularly important for applications that allow users to navigate freely across the web, as it provides an additional layer of protection beyond domain whitelisting.

4. WebView Security Configuration

The app implements Android WebView security best practices, including:

  • File Access- [Access the simple access to a website as a visitor] - Restrictions – Disabled file system access from web content to prevent local file inclusion attacks
  • JavaScript Execution Control – JavaScript can be selectively enabled or disabled based on security requirements
  • Content Security Policy Support – Full support for CSP headers to prevent XSS attacks
  • Mixed Content Blocking – Prevents loading insecure HTTP resources on HTTPS pages
  • Geolocation Permission Management – Granular control over location access with user consent requirements

5. Process Isolation (Android 8.0+)

On Android 8.0 and higher, My Webview App leverages WebView’s process isolation feature. This means that the WebView rendering engine runs in a separate sandboxed process from the main application. If a malicious website manages to exploit a WebView vulnerability, the attack is contained within the isolated process and cannot directly access the host application’s data or execute arbitrary code with the app’s permissions.

6. Firebase Security Integration

For applications using Firebase push notifications, My Webview App implements secure token management:

  • Secure Token Storage – FCM tokens are stored securely using Android’s SharedPreferences with encryption- [Encryption: to change electronic information or signals into a secret code (= system of letters, numbers, or symbols) that people cannot understand or use on normal equipment] - support
  • Token Refresh Handling – Automatic detection and handling of token updates
  • Optional URL Token Injection – Configurable automatic token inclusion in URLs for server-side verification

7. Permission Management

The app implements runtime permission requests for sensitive features:

  • Camera Access – Required only when QR scanning is enabled, with clear user rationale
  • Notification Permissions – Explicit consent required for push notifications (Android 13+)
  • Location Access – Only requested when websites need geolocation, with user confirmation
  • Storage Access – Controlled file upload- [Upload: the action by a owners of the network of sending an image or audio or video file (named as content) from the device] - capabilities with permission verification

8. Network- [Network of Contents: is the channel in which owners can post their content and the audience can see the contents posted by the owners] - Security Configuration

My Webview App supports Android’s Network Security Configuration, allowing developers to:

  • Pin SSL certificates to prevent man-in-the-middle attacks
  • Configure custom trusted certificate authorities
  • Enforce cleartext traffic restrictions
  • Define domain-specific security policies

Regular Security Updates

Security is an ongoing commitment, not a one-time implementation. As the foundation for MYETV‘s production applications, My Webview App receives regular security audits and updates. When vulnerabilities are discovered or new security best practices emerge, we update the codebase and publish patches through the GitHub repository.

We also maintain transparent security practices:

  • Security Issue Reporting – Clear guidelines for responsible disclosure of security vulnerabilities
  • Dependency Management – Regular updates of third-party libraries and Firebase SDKs
  • Security Documentation – Comprehensive documentation of security features and recommended configurations

Key Features in Depth

Dual-Mode Content Loading

My Webview App supports two distinct operating modes, making it versatile for different use cases:

  • Internet Mode – Load content from remote web servers with full caching, offline fallback, and network monitoring
  • Local Mode – Package HTML, CSS, and JavaScript files directly within the app for completely offline operation

This flexibility allows developers to build both online streaming applications (like MYETV) and offline-first applications using the same codebase.

Intelligent Offline Detection

The app includes sophisticated network monitoring that detects connection loss and automatically displays a customizable offline page. Unlike simple connectivity checks, the offline detection system:

  • Performs multiple verification attempts before declaring offline status (reducing false positives)
  • Monitors network state changes in real-time
  • Automatically reloads content when connectivity is restored
  • Allows complete customization of the offline experience through HTML/CSS

Firebase Cloud Messaging (FCM) Integration

Push notifications are essential for modern mobile applications, and My Webview App provides seamless Firebase integration:

  • Automatic Token Management – Handles FCM token generation, refresh, and storage
  • Notification Handling – Processes both foreground and background notifications
  • Deep Linking Support – Notifications can open specific pages within the app
  • Custom Notification Icons – Easy customization of notification appearance
  • JavaScript Bridge – Web content can access the FCM token for server-side registration

Built-in QR Code Scanner

The integrated QR code scanner uses the device camera and the ZXing library to provide fast, reliable scanning. What makes it special:

  • Web-Triggered – Websites can trigger scanning via a special URL scheme (qrcode://)
  • Result Passback – Scanned data is automatically passed back to the web application
  • Camera Permission Management – Handles runtime permissions with clear user explanations
  • Multiple Format Support – Reads QR codes, barcodes, and other 2D formats

Multilingual Support

With pre-translated string resources in over 20 languages, My Webview App is ready for global deployment. Supported languages include:

  • European languages: English, Spanish, French, German, Italian, Portuguese, Dutch, Polish, Swedish, Danish, Norwegian, Finnish, Czech
  • Asian languages: Chinese (Simplified), Japanese, Korean, Hindi
  • Middle Eastern: Arabic, Turkish

All UI elements from permission dialogs to offline messages are fully localized, and Android’s automatic language selection ensures users see content in their preferred language.

Advanced UI Customization

Every visual aspect of the app can be customized through the central Config.java file:

  • Splash Screen – Configurable logo, duration, and loading behavior
  • Progress Indicators – Multiple styles (spinner, linear progress) with custom colors
  • Pull-to-Refresh – Customizable swipe-down reload with color theming
  • Secondary Browser – Full control over external link browser appearance
  • Status Bar – Custom colors and light/dark text options
  • Orientation Lock – Separate controls for phone and tablet orientations

Special URL Schemes for Native Functionality

Web content can trigger native app- [Native Applications: the applications available for any operating system (eg. Microsoft, Android, FireOs) downloadable and installable] - functions using special URL schemes a powerful feature that enables deep integration between your website and the mobile app:

  • closetheapp:// – Gracefully close the application
  • qrcode:// – Open the QR code scanner
  • openappsettings:// – Navigate to Android app settings
  • shareapp:// – Trigger native share functionality
  • pictureinpicture:// – Enable picture-in-picture mode for videos
  • togglenotifications:// – Enable/disable Do Not Disturb mode

These schemes are restricted to authorized domains for security, preventing malicious websites from hijacking app functionality.

Picture-in-Picture Support

On Android 7.0 and higher, My Webview App supports native Picture-in-Picture mode. Users can minimize the app while continuing to stay connected in a floating window perfect for multitasking.

Do Not Disturb Mode

A unique feature that allows the app to request Do Not Disturb permissions, temporarily blocking notifications from other apps while users are engaged with your content. This is particularly valuable for video streaming applications where uninterrupted viewing is important.

Built for MYETV, Designed for Everyone

My Webview App isn’t just a generic template it’s battle-tested production code that powers real-world applications serving thousands of users daily. When we built MYETV‘s mobile platform, we needed a WebView solution that could handle:

  • Video Streaming – Smooth playback with minimal latency
  • Real-Time Updates – Push notifications for live events and new content
  • User Authentication – Secure login- [Login: an act of logging in to a computer, database, website or system] - and session management
  • Content Protection – DRM and secure video delivery
  • Global Reach – Multi-language support for international audiences
  • Offline Resilience – Graceful degradation when connectivity is poor

Rather than building a proprietary solution, we created an extensible framework that solves these challenges while remaining flexible enough for any use case. Whether you’re building a video platform like MYETV, a news reader, an e-commerce app, or an enterprise portal, My Webview App provides the foundation you need.

How MYETV Uses This Framework

MYETV‘s mobile applications are essentially customized versions of My Webview App with our branding, domain configurations, and Firebase setup. Here’s how we’ve configured it:

  • Domain Whitelisting – Only MYETV domains can load in the main WebView
  • Push Notifications – Alerts for new content, followers- [Follower: a follower refers to a person who subscribes to your account or network in order to receive your updates] - , and personalized recommendations
  • Theme Detection – Automatic light/dark mode detection passed to web content
  • Offline Fallback – Custom offline page with MYETV branding
  • Security Hardening – HTTPS-only mode with strict certificate validation
  • Analytics Integration – Firebase Analytics for usage tracking

By open-sourcing this framework, we’re enabling other developers to build applications with the same level of polish and functionality that MYETV users expect.

Getting Started

Ready to build your own Android app using My Webview App? The process is straightforward:

  1. Clone the Repository – Visit https://github.com/OskarCosimo/my-webview-app/ and clone or download the code
  2. Open in Android Studio – Import the project into Android Studio (Arctic Fox or later recommended)
  3. Configure Config.java – Customize the app by editing the comprehensive configuration file
  4. Refactor Package Name – Change from the default com.my.webviewapplication.mobile to your own package
  5. Setup Firebase – Create a Firebase project and download your google-services.json file
  6. Customize Assets – Replace app icons, splash screen logo, and offline HTML content
  7. Build and Test – Run on an emulator or physical device to test functionality
  8. Deploy – Generate a signed release build for distribution

The GitHub repository includes comprehensive documentation covering every configuration option, security setting, and customization opportunity. Whether you’re a seasoned Android developer or new to mobile development, the detailed README will guide you through the process.

Configuration Made Simple

One of the design goals for My Webview App was to make customization as simple as possible. Rather than requiring deep knowledge of Android development or WebView internals, almost every aspect of the app can be configured through a single Config.java file.

Here’s a quick example of how easy it is to configure basic settings:

// Load your website
public static final String HOME_URL = "https://mywebsite.com";

// Enable HTTPS-only mode
public static final boolean LOAD_ONLY_HTTPS = true;

// Add your domain to whitelist
public static final String[] ALLOWED_DOMAINS = {
    "mywebsite.com",
    "www.mywebsite.com"
};

// Enable QR scanner
public static final boolean ENABLE_QR_SCANNER = true;

// Enable push notifications
public static final boolean ENABLE_FIREBASE_PUSH = true;

That’s it! With just a few lines of configuration, you have a fully functional Android app with security features, QR scanning, and push notifications.

Community and Support

Open-source thrives on community collaboration, and we’re committed to fostering an active, helpful community around My Webview App.

Contributing

We welcome contributions from developers of all skill levels. Whether you want to:

  • Fix bugs or improve existing features
  • Add new functionality
  • Improve documentation
  • Translate UI strings to additional languages
  • Share your use case or success story

…your contributions are valued and appreciated. Check the GitHub repository for contribution guidelines and open issues that need attention.

Reporting Issues

If you encounter bugs, security vulnerabilities, or have feature requests, please open an issue on GitHub. For security-sensitive issues, we provide a responsible disclosure process to ensure vulnerabilities are patched before public disclosure.

Discussion and Support

Have questions or need help getting started? The GitHub Discussions section is the perfect place to ask questions, share ideas, and connect with other developers using My Webview App. We’re also active in monitoring issues and try to respond to questions promptly.

The Future of My Webview App

This initial release is just the beginning. We have exciting plans for future enhancements:

  • Enhanced Analytics – Built-in analytics dashboard and event tracking
  • A/B Testing Framework – Easy experimentation with different configurations
  • Biometric Authentication – Fingerprint and face recognition support
  • Video Optimization – Enhanced video playback with adaptive streaming support
  • Moble/TV Architecture – Modular system for different devices

As MYETV‘s platform evolves, so will My Webview App. All improvements we make for our own applications will be contributed back to the open-source project.

Why Open Source Matters

We believe strongly in the power of open source. By releasing My Webview App under the Apache 2.0 license, we’re not just sharing code we’re contributing to a larger ecosystem of tools and knowledge that benefits everyone.

Open source enables:

  • Transparency – You can inspect every line of code to understand exactly how the app works
  • Security – Community review helps identify and fix vulnerabilities faster than closed-source alternatives
  • Innovation – Developers can build on this foundation to create solutions we never imagined
  • Learning – New developers can study real-world production code to improve their skills
  • Collaboration – The best ideas come from diverse perspectives working together

Many of the tools and libraries we used to build MYETV are open source. By releasing My Webview App, we’re giving back to the community that made our success possible.

Conclusion

My Webview App represents the culmination of extensive development, security hardening, and real-world testing. It’s the same code that powers MYETV‘s production applications, now available for any developer to use, customize, and build upon.

Whether you’re building a video streaming platform, a news reader, an e-commerce app, or any web-based mobile application, My Webview App provides a secure, feature-rich foundation that saves months of development time.

Key Takeaways:

  • ✅ Open source under the permissive Apache 2.0 license
  • ✅ Production-tested code powering real applications
  • ✅ Comprehensive security features and best practices
  • ✅ Extensive customization through simple configuration
  • ✅ 20+ language translations included
  • ✅ Firebase integration for push notifications
  • ✅ QR scanning, offline support, and special URL schemes
  • ✅ Active development and community support

We’re excited to see what the developer community builds with My Webview App. Whether you’re creating the next MYETV, launching a startup, or just exploring Android development, we hope this framework helps you bring your vision to life.

🚀 Get started today: https://github.com/OskarCosimo/my-webview-app/

Have questions or want to share what you’re building? Open an issue on GitHub or start a discussion. We can’t wait to hear from you!

The MYETV Developers Team

Print Friendly, PDF & Email