Working on android app. Besides multiple options it has, one of the possibilities is to do the payment. Since this is already implemented on web, I plan to just load the url in webview, login user and let him proceed with payment here. What I want to know: is this approach safe?
For example let's take a look at 2 scenarios:
Are there any bigger security differences between these 2 approaches? Thanks
The two use cases described in question are almost identical security-wise(at least there is no official info that says otherwise). It is because the webview of the Android OS basically is a Chromium-based browser, which uses a lot of the same code as Chrome.
Moreover, most of the payment providers as Braintree or Stripe, have their mobile app embeddable UI and functionality provided as fully or partially web view-based components because it is more secure than the native(android or ios) approaches.
If you are still paranoid and want to use an actual Chrome browser instead of an Android web view disregarding previous info but want it to look like it is a part of your app flow, you can also do it. Chrome has a relatively new feature called Custom Tabs - it is not that complicated to integrate, basically the same as an ordinary web view. It won't give you as immense control over it as a web view provides but for simple displaying, it should be a preferable approach.
Hope it helps.