We have an Android app using WebView to display part of the user interface. In app telemetry we see that on some user device the following exception is thrown:

SecurityError: Failed to execute 'getFileHandle' on 'FileSystemDirectoryHandle': An attempt was made to break through the security policy of the user agent.

Here is the code causing the exception:

const root = await navigator.storage.getDirectory();
const fileHandle = await root.getFileHandle(name, {create: true});

I would expect the exception to be thrown in a browser with strict privacy controls. However, the problem appears in a WebView component. What's more puzzling the problem appears only on some devices. For example, I'm not able to reproduce the problem on any of our test smartphones.

The OPFS API is being used in a secure context (HTTPS page).

Most often the exception is thrown in WebView version 132, running on Android 14.

What may cause the WebView to limit origin private file system API use?