I'm building android app via React Native. We're using package, which I assume wraps native WebView component.

The problem that in the end we get a file in data/data/com.myapp/app_webview/Default/Cookies

which contain sensitive information - unencrypted cookies (we were flagged by our security team), that any malicious person can extract easily using adb shell if he steals a device.

I already tried to disable cache for webview and use incognito mode:

      cacheEnabled={false}
      cacheMode={'LOAD_NO_CACHE'}
      thirdPartyCookiesEnabled={false}
      incognito={true}

and clear cookies via CookieManager:

    await CookieManager.clearAll();
    await CookieManager.removeSessionCookies();

but no luck.