Enumerates window properties looking for injected Java objects (addJavascriptInterface)
3. Known Flo Bridge Names (explicit typeof checks)
4. Cookies & Storage
5. Injected HTML / Scripts
Checks if the app injects any script tags, iframes, or hidden elements into the page
6. Network & Fetch Capabilities
7. Navigation Dispatch Tests (H9 Chain)
Tests whether shouldOverrideUrlLoading dispatches floperiodtracker:// URIs as intents.
Each button triggers location.href = .... If the WebView disappears and another activity opens, the chain works.
8. File & Content URI Access
9. Clipboard Access
10. Non-Standard window Properties (full dump)
Everything on window that isn't in a clean Chrome/WebView