The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
http://www.securityfocus.com/bid/52189
http://secunia.com/advisories/48065
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000014