Securing WebView rendering in react-native-screens


Use the following patch to secure the webview if you are using the ‘react-native-screens’ package.

diff --git a/node_modules/react-native-screens/android/src/main/java/com/swmansion/rnscreens/Screen.java b/node_modules/react-native-screens/android/src/main/java/com/swmansion/rnscreens/Screen.java
index e34a58e..82eef17 100644
--- a/node_modules/react-native-screens/android/src/main/java/com/swmansion/rnscreens/Screen.java
+++ b/node_modules/react-native-screens/android/src/main/java/com/swmansion/rnscreens/Screen.java
@@ -8,6 +8,7 @@ import android.view.View;
 import android.view.ViewGroup;
 import android.view.WindowManager;
 import android.view.inputmethod.InputMethodManager;
+import android.webkit.WebSettings;
 import android.webkit.WebView;
 import android.widget.TextView;
 
@@ -179,6 +180,15 @@ public class Screen extends ViewGroup {
     for(int i = 0; i < viewGroup.getChildCount(); i++) {
       View child = viewGroup.getChildAt(i);
       if (child instanceof WebView) {
+        WebSettings webSettings = ((WebView)child).getSettings();
+        // Secure Webview: https://sensei.securecodewarrior.com/recipes/scw:android:webview-disable-file-access-setter
+        webSettings.setAllowFileAccess(false);
+        webSettings.setJavaScriptEnabled(false);
+        webSettings.setAllowFileAccess(false);
+        webSettings.setGeolocationEnabled(false);
+        webSettings.setAllowContentAccess(false);
+        int never = WebSettings.MIXED_CONTENT_NEVER_ALLOW;
+        webSettings.setMixedContentMode(never);
         return true;
       } else if (child instanceof ViewGroup) {
          if (hasWebView((ViewGroup) child)) {
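Review bot: The hardening sits inside what appears to be the `hasWebView` traversal, which returns `true` at the first `WebView` it finds, so any other WebView in the same tree keeps its existing settings. Whatever is set here may also be overwritten later by the component that owns the view. `setAllowFileAccess(false)` is called twice among the added setters; the second call could be replaced with `webSettings.setAllowFileAccessFromFileURLs(false);` and `webSettings.setAllowUniversalAccessFromFileURLs(false);` so that file-scheme cross-origin access is pinned off as well. `setJavaScriptEnabled(false)` will break any screen whose WebView relies on script, so it deserves a comment such as `// JS disabled on purpose: screens must not host script-driven WebViews`. The enclosing method starts and ends outside the hunk, so the call order relative to the WebView's own setup cannot be confirmed from here.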