Starting with Android O, Google allows developers to secure webviews in their apps from untrusted external content by separating WebView renderer process from the host application.

This allows the host app to stay away from crashes in renderer process as well as exploit attempts made through malicious content. The renderer process running in its separate process is given a limited set of resources to use, like it can't do disk write or connect to network on its own limiting the idea of malware attack.

To configure safe browsing, you need to add a new meta data in your app's manifest. Keep in mind, the meta data must be put outside the application tag. The meta tag must hold the android name,

android.webkit.WebView.EnableSafeBrowsing

and to activate it, the value must be set to true. The following example does the same,

<manifest>
<meta-data android:name="android.webkit.WebView.EnableSafeBrowsing"
android:value="true" />
. . .
<application> . . . </application>
</manifest>

One more thing. Safe Browsing isn't Android O exclusive and can be activated for devices running Android Lollipop and above too owing to the fact that Google decided to distribute WebView as a separate app starting Android 5.0.