diff --git a/modules/js_widget/lib/src/mobile/js_widget.dart b/modules/js_widget/lib/src/mobile/js_widget.dart
index 9d5fd6c75..0413a4aea 100644
--- a/modules/js_widget/lib/src/mobile/js_widget.dart
+++ b/modules/js_widget/lib/src/mobile/js_widget.dart
@@ -1,4 +1,5 @@
 import 'package:flutter/material.dart';
+import 'package:js_widget/src/mobile/webview_debug_policy.dart';
 // Import for Android features.
 import 'package:webview_flutter_android/webview_flutter_android.dart';
 // Import for iOS features.
@@ -91,7 +92,9 @@ class JsWidgetState extends State {
     )
       ..loadHtmlString(getHtmlContent());
     if (controller.platform is AndroidWebViewController) {
-      AndroidWebViewController.enableDebugging(true);
+      if (androidWebViewDebuggingEnabled()) {
+        AndroidWebViewController.enableDebugging(true);
+      }
       (controller.platform as AndroidWebViewController)
           .setMediaPlaybackRequiresUserGesture(false);
     }
diff --git a/modules/js_widget/lib/src/mobile/webview_debug_policy.dart b/modules/js_widget/lib/src/mobile/webview_debug_policy.dart
new file mode 100644
index 000000000..bc6eee7a1
--- /dev/null
+++ b/modules/js_widget/lib/src/mobile/webview_debug_policy.dart
@@ -0,0 +1,12 @@
+import 'package:flutter/foundation.dart';
+
+/// Whether Android WebView remote debugging may be enabled for this build.
+///
+/// Release/profile builds must return false so production WebViews cannot be
+/// inspected or scripted via chrome://inspect (CWE-489).
+bool androidWebViewDebuggingEnabled() =>
+    androidWebViewDebuggingEnabledForBuild(isDebugBuild: kDebugMode);
+
+/// Build-mode gate used by [androidWebViewDebuggingEnabled] and unit tests.
+bool androidWebViewDebuggingEnabledForBuild({required bool isDebugBuild}) =>
+    isDebugBuild;
diff --git a/modules/js_widget/test/webview_debug_policy_test.dart b/modules/js_widget/test/webview_debug_policy_test.dart
new file mode 100644
index 000000000..6c9946a69
--- /dev/null
+++ b/modules/js_widget/test/webview_debug_policy_test.dart
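Review bot: The new guard in the `AndroidWebViewController` branch only skips `enableDebugging(true)` for non-debug builds; it never sets the flag to false, so the release-build state is left to the platform default and to whatever any earlier caller of this static, process-wide setter may have done. Passing the policy result through makes the decision explicit and idempotent regardless of call order: replace the three added lines with `AndroidWebViewController.enableDebugging(androidWebViewDebuggingEnabled());`. The enclosing method of `JsWidgetState` starts and ends outside the hunk.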
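Review bot: The doc comment on `androidWebViewDebuggingEnabledForBuild` says only "build-mode gate" and does not state the contract the test file relies on, namely that profile builds count as non-debug. I would extend it to `/// Returns true only when [isDebugBuild] is true; profile and release builds are both treated as non-debug.` and add to the wrapper's comment that `kDebugMode` is a compile-time constant, so the policy is fixed when the app is built and cannot be flipped at runtime. That second sentence is the property a reviewer actually wants to verify for CWE-489, and it is currently only implied.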
@@ -0,0 +1,16 @@ +import 'package:flutter_test/flutter_test.dart'; +import 'package:js_widget/src/mobile/webview_debug_policy.dart'; + +void main() { + group('androidWebViewDebuggingEnabledForBuild', () { + test('disables debugging for release/profile builds', () { + expect(androidWebViewDebuggingEnabledForBuild(isDebugBuild: false), + isFalse); + }); + + test('allows debugging only for debug builds', () { + expect( + androidWebViewDebuggingEnabledForBuild(isDebugBuild: true), isTrue); + }); + }); +}
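Review bot: Both tests exercise only the identity helper `androidWebViewDebuggingEnabledForBuild`; the production entry point `androidWebViewDebuggingEnabled()` that js_widget.dart actually calls is never asserted, so a later edit passing a different constant to the helper would not fail this suite. Add a third test inside the group, `expect(androidWebViewDebuggingEnabled(), kDebugMode);`, together with `import 'package:flutter/foundation.dart';`, so the wiring to the build-mode constant is covered as well.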