1) Local File Read via JavaScript (setAllowFileAccess)
We use
XMLHttpRequest (ArrayBuffer) + fallback to responseText, and also attempt fetch(). XHR may succeed with status===0.2) External App Dir Crawl (heuristics)
Probes under
/sdcard/Android/data/com.okinc.okex.gp/ and /storage/emulated/0/Android/data/com.okinc.okex.gp/.3) DOM Storage (setDomStorageEnabled)
4) Geolocation (setGeolocationEnabled)
5) Mixed Content (setMixedContentMode)
If the host page is HTTPS and mode is
ALWAYS_ALLOW, these should load. From file://, behavior varies by WebView.