Access Control Mechanism to Mitigate Cordova Plugin Attacks in Hybrid Applications

Abstract: Hybrid application frameworks such as Cordova are more and more popular to create platform-independent applications (apps) because they provide special APIs to access device resources in a platform-agonistic way. By using these APIs, hybrid apps can access device resources through JavaScript. In this paper, we present a novel apprepackaging attack that repackages hybrid apps with malicious code; this code can exploit Cordova's plugin interface to steal and tamper with device resources. We address this attack a… Show more

“…App-repackage attack Kudo et al [9] have presented a novel app-repackaging attack that repackages Cordova apps with malicious code and have proposed a novel runtime access control mechanism that restricts access based on the mobile user's judgment, to present a novel app-repackaging attack that repackages hybrid apps with malicious code.…”

“…Although WebView can use only Google Safe Browsing, this measure alone is not enough to protect web access via WebView, especially from fake virus alerts, which use malvertising to redirect the users to web pages and scam the users into installing the suspicious Android app. Moreover, previous studies have reported attacks exploiting WebView and presented countermeasures against these attacks [4][5][6][7][8][9][10][11][12][13][14][15][16]. Some studies have presented access control methods to prevent malicious JavaScript codes from exploiting the vulnerabilities of WebView [6][7][8] and to prevent app-repackage attacks in Cordova-based hybrid applications [9].…”

Web access monitoring mechanism via Android WebView for threat analysis

“…App-repackage attack Kudo et al [9] have presented a novel app-repackaging attack that repackages Cordova apps with malicious code and have proposed a novel runtime access control mechanism that restricts access based on the mobile user's judgment, to present a novel app-repackaging attack that repackages hybrid apps with malicious code.…”

“…Although WebView can use only Google Safe Browsing, this measure alone is not enough to protect web access via WebView, especially from fake virus alerts, which use malvertising to redirect the users to web pages and scam the users into installing the suspicious Android app. Moreover, previous studies have reported attacks exploiting WebView and presented countermeasures against these attacks [4][5][6][7][8][9][10][11][12][13][14][15][16]. Some studies have presented access control methods to prevent malicious JavaScript codes from exploiting the vulnerabilities of WebView [6][7][8] and to prevent app-repackage attacks in Cordova-based hybrid applications [9].…”

Web access monitoring mechanism via Android WebView for threat analysis

Threat Analysis of Fake Virus Alerts Using WebView Monitor