The WebView.setWebContentsDebuggingEnabled method enables or disables the contents of any WebView in the application to be debugged.

You should only enable debugging features during development. When you create a production build, you should disable it. If you enable debugging features, this can make your code vulnerable by adding entry points, or leaking sensitive information.

Ensure that debugging features are not enabled in production builds, such as by guarding calls to WebView.setWebContentsDebuggingEnabled(true) by a flag that is only enabled in debug builds.

In the first (bad) example, WebView debugging is always enabled. whereas the GOOD case only enables it if the android:debuggable attribute is set to true.

Android Developers: setWebContentsDebuggingEnabled.

Android Developers: Remote debugging WebViews.