There’s a vulnerability that affects WebView control in Android applications installed on Android devices running versions older than 4.2.
This vulnerability makes a large number of Android applications act as a hacker pipeline into user’s devices and provides a way to install malicious software, send SMSs and more.
WebView allows the user to view a web application (or just a web page) as a part of an ordinary Android application. The WebView class is an extension of Android’s View class that allows you to display web pages as a part of the appication’s screen layout.
If you do not provide the annotation, the method is not accessible by your web page when running on Android 4.2 or higher.
Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page.