Using JavaScript interfaces in WebViews to expose Java objects is unsafe. Doing so allows JavaScript
to invoke Java methods, potentially giving attackers access to data or sensitive app functionality.
WebViews might include untrusted sources such as third-party iframes, making this functionality
particularly risky. As JavaScript interfaces are passed to every frame in the WebView, those iframes
are also able to access the exposed Java object.