Attacks on WebView in the Android system

Luo, Tongbo; Hao, Hao; Du, Wenliang; Wang, Yifei; Yin, Heng

doi:10.1145/2076732.2076781

Cited by 146 publications

(118 citation statements)

References 17 publications

Supporting

Mentioning

112

Contrasting

Unclassified

Order By: Relevance

“…T. Luo, H. Hao, W. Du, Y. Wang and H. Yin in the paper 'Attacks on WebView in Android System' discussed a number of attacks on WebView, either by malicious apps or against non-malicious apps. They identified two fundamental causes of the attacks: weakening of the TCB and Sandbox 10 . A.D. Schmidt and S. Albayrak presented a paper on 'Malicious Software for Smartphones' and presented a list of most common behavior patterns and investigated the possibilities to exploit the standard Symbain OS API and additional malware functionalities 11 .…”

Section: Issues In the Security Of Androidmentioning

confidence: 99%

See 1 more Smart Citation

Review on Android App Security

Khan¹,

Firdous²

2017

IJARCSSE

View full text Add to dashboard Cite

Android is the most popular operating system and has the biggest market share among all the mobile OS's. Its ubiquitous influence makes it an easy target for the malware developers and other computer criminals. Android is the most secure operating system than its counterparts. It has very few restrictions for the developer and has no security scan for the apps being uploaded in the Play Store, which thus increases the risk for end users. In this paper we have reviewed android security model, security provided by the android OS, and the security provided by the android apps.

show abstract

Section: Issues In the Security Of Androidmentioning

confidence: 99%

“…It has already spread through the masses and has affected millions of devices. Currently, they are developing a method to secure the WebView 10 . It is found out that a lot of developers fail to take necessary security precautions.…”

Section: Issues In the Security Of Androidmentioning

confidence: 99%

Review on Android App Security

Khan¹,

Firdous²

2017

IJARCSSE

View full text Add to dashboard Cite

show abstract

“…The problems with the addJavascriptInterface in WebView were initially identified by Luo et al [41]. Another work mainly focuses on how the exposed JavaScript interface is used in ads library and their privacy concerns [51].…”

Section: Security Concerns Of Webviewmentioning

confidence: 99%

Fine-Grained Access Control for HTML5-Based Mobile Applications in Android

Jin

Wang

Luo

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

HTML5-based mobile applications are becoming more and more popular because they can run on different platforms. Several newly introduced mobile OS natively support HTML5-based applications. For those that do not provide native support, such as Android, iOS, and Windows Phone, developers can develop HTML5-based applications using middlewares, such as PhoneGap [17]. In these platforms, programs are loaded into a web component, called WebView, which can render HTML5 pages and execute JavaScript code. In order for the program to access the system resources, which are isolated from the content inside WebView due to its sandbox, bridges need to be built between JavaScript and the native code (e.g. Java code in Android). Unfortunately, such bridges break the existing protection that was originally built into WebView.In this paper, we study the potential risks of HTML5-based applications, and investigate how the existing mobile systems' access control supports these applications. We focus on Android and the PhoneGap middleware. However, our ideas can be applied to other platforms. Our studies indicate that Android does not provide an adequate access control for this kind of applications. We propose a finegrained access control mechanism for the bridge in Android system. We have implemented our scheme in Android and have evaluated its effectiveness and performance.

show abstract

“…Several vulnerabilities have been identified on Android system and applications in recent years. Luo et al [43] demonstrated attacks on the communication channel between the app and its embedded WebView component. Recently, Wang et al [48] identified unauthorized origin crossing attacks on popular Android apps.…”

Section: Android System Securitymentioning

confidence: 99%

Attacks on Android Clipboard

Zhang

2014

Detection of Intrusions and Malware, and Vulnerability Assessment

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper, we perform a thorough study on the risks imposed by the globally accessible Android Clipboard. Based on the risk assessment, we formulate a series of attacks and categorize them into two groups, i.e., manipulation and stealing. Clipboard data manipulation may lead to common code injection attacks, like JavaScript injection and command injection. Furthermore, it can also cause phishing attacks, including web phishing and app phishing. Data stealing happens when sensitive data copied into the clipboard is accessed by malicious applications. For each category of attack, we analyze a large number of candidate apps and show multiple case studies to demonstrate its feasibility. Also, our app analysis process is formulated to benefit future app development and vulnerability detection. After a comprehensive exposure of the risk, we briefly discuss some potential solutions.

show abstract

Attacks on WebView in the Android system

Cited by 146 publications

References 17 publications

Review on Android App Security

Review on Android App Security

Fine-Grained Access Control for HTML5-Based Mobile Applications in Android

Attacks on Android Clipboard

Contact Info

Product

Resources

About