Analyzing Android Browser Apps for file:// Vulnerabilities

Wu, Daoyuan; Chang, Rocky K. C.

doi:10.1007/978-3-319-13257-0_20

Cited by 23 publications

(33 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Numerous attack forms have been found and studied by the researchers, such as excess authorization [11], file-based crosszone scripting [18], touchjacking [19], unauthorized origin crossing [20], etc. WebView vulnerabilities are mainly caused by the insecure API invocations from the JS code to the Java or native code in an app.…”

Section: Related Workmentioning

confidence: 99%

When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?

Yue¹,

Zhang²

2017

IJSIA

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?

Yue¹,

Zhang²

2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…Dynamic analysis has been used to analyze mobile apps with respect to privacy [8], security [22], [27], performance [24], energy consumption [10], [19], [20] and bugs [1], [12], [14], [16], [23]. Several frameworks for large-scale dynamic analysis for mobile apps [4], [11] and automatic test frameworks running in the cloud [17], [25] have emerged.…”

Section: Related Workmentioning

confidence: 99%

Dynalize: Dynamic Analysis of Mobile Apps in a Platform-as-a-Service Cloud

Graubner

Baumgärtner

Heckmann

et al. 2015

2015 IEEE 8th International Conference on Cloud Computing

View full text Add to dashboard Cite

Ensuring the software quality of mobile applications with respect to performance, robustness, energy consumption, security and privacy is an important problem for a growing researcher and developer community. In this paper, we present Dynalize, a Platform-as-a-Service cloud for the dynamic analysis of mobile applications. It allows researchers and developers to investigate mobile applications at runtime in a virtual device cloud and to publish the performed analyses as web services. In contrast to existing approaches, it makes use of container virtualization on top of Infrastructure-as-a-Service instances, enabling dynamic provisioning and fast deployment of dynamic analyses. A custom container layout and a novel storage solution on the virtual server layer ensures cost-and runtime-efficient large-scale analyses of thousands of apps. The applicability of Dynalize is demonstrated by a security analysis of about 6,000 Android applications. Experiments on container startup, virtual device to container throughput and different storage backends show the feasibility of the proposed approach.

show abstract

“…To the best of our knowledge, the local resource oracle and the inference attacks it enables have never been reported before. These indirect attacks work regardless of how the same origin policy is implemented in WebView, including the latest implementations that have fixed the vulnerability described in [53].…”

Section: Related Workmentioning

confidence: 99%

“…Wu and Chang showed how to steal files from mobile devices by exploiting how mobile browsers interpret SOP for file-scheme origins [53], in particular, the fact that old versions of Android's WebView treat all file-scheme URIs as the same origin. This attack is similar to the direct filereading vulnerability in AdMarvel described in Section IV-B.…”

Section: Related Workmentioning

confidence: 99%

What Mobile Ads Know About Mobile Users

Son

Kim

Shmatikov

2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-We analyze the software stack of popular mobile advertising libraries on Android and investigate how they protect the users of advertising-supported apps from malicious advertising. We find that, by and large, Android advertising libraries properly separate the privileges of the ads from the host app by confining ads to dedicated browser instances that correctly apply the same origin policy.We then demonstrate how malicious ads can infer sensitive information about users by accessing external storage, which is essential for media-rich ads in order to cache video and images. Even though the same origin policy prevents confined ads from reading other apps' external-storage files, it does not prevent them from learning that a file with a particular name exists. We show how, depending on the app, the mere existence of a file can reveal sensitive information about the user. For example, if the user has a pharmacy price-comparison app installed on the device, the presence of external-storage files with certain names reveals which drugs the user has looked for.We conclude with our recommendations for redesigning mobile advertising software to better protect users from malicious advertising.

show abstract

Analyzing Android Browser Apps for file:// Vulnerabilities

Cited by 23 publications

References 17 publications

When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?

When Android Apps Open Ports to Handle Network Requests: Functionality or Security Vulnerability?

Dynalize: Dynamic Analysis of Mobile Apps in a Platform-as-a-Service Cloud

What Mobile Ads Know About Mobile Users

Contact Info

Product

Resources

About