A vulnerability was found in Lark Android exported activity web view which could have potentially been used to send a malicious URL to WebView and replace the content in the application with malicious code. We thank @shell_c0de for reporting this to our team.