Description
We got a report from a security scan of our mobile application using the Zoom iOS SDK about a potential security issue when the SDK load javascript content into WKWebView.
Are you collecting specific personal data through this mechanism that we have to know about ?
Is it possible to enable sandboxed context ? If not, please provide a reason (would it deteriorate / break some of the SDK functionalities, especially in term of monitoring?)
@nvivot, thank you for raising this issue. Consulting with our SDK engineering team, we believe our implementation can be changed to prevent the need for this web view. We are currently targeting an upcoming release to make this change. We have a scheduled deployment which means you might see a release that does not include this, but expect it subsequently.
To answer your questions,
No, this is not used to provide any user context or authorization services.
Yes. We expect you to be able to sandbox this and maintain SDK functionality.