setWebContentsDebuggingEnabled is referenced; if enabled in production it exposes WebView contents to anyone with adb/devtools access.
setWebContentsDebuggingEnabled(true) in production lets anyone with ADB attach Chrome DevTools to your WebViews: read the DOM, cookies, localStorage, and inject script into live sessions.
Session material and in-page data are one USB cable away on any device.
if (BuildConfig.DEBUG) WebView.setWebContentsDebuggingEnabled(true)