A View to a Kill: WebView Exploitation
نویسندگان
چکیده
WebView is a technique to mingle web and native applications for mobile devices. The fact that its main incentive requires making data stored on, as well as the functionality of mobile devices, directly accessible to active web content, is not without consequences to security. In this paper, we present a threat scenario that targets WebView apps and show its practical applicability in a case study of selected apps. We further show results of our examination of over 287,000 apps in regard to WebView-related vulnerabilities.
منابع مشابه
رفتار با حیوان آزمایشگاهی از منظر قرآن
By the ever-increasing discovery of pharmaceutical and chemical substances, their adverse effects will be considered too. To evaluate adverse effects, animals are used, and factors like standardization of species and breed, storage condition and biochemical system will be effective for animal selection. In Islamic education, animal issues are important. The principles of keeping animals, usin...
متن کاملWebView: Scalable Information Monitoring for Data-Intensive Web Applications
We present WebView, a scalable information monitoring service for data-intensive Web applications that continuously monitors local application state, aggregates local state into a global view, and uses the global view to help ensure high performance and high availability for these applications. We demonstrate the effectiveness of WebView by building three key Web applications: (a) a data prefet...
متن کاملPrecisely and Scalably Vetting JavaScript Bridge in Android Hybrid Apps
In this paper, we propose a novel system, named BridgeScope, for precise and scalable vetting of JavaScript Bridge security issues in Android hybrid apps. BridgeScope is flexible and can be leveraged to analyze a diverse set of WebView implementations, such as Android’s default WebView, and Mozilla’s Rhino-based WebView. Furthermore, BridgeScope can automatically generate test exploit code to f...
متن کاملTouchjacking Attacks on Web in Android, iOS, and Windows Phone
To make it easy for applications to interact with the Web, most mobile platforms, including Android, iOS, and Windows Phone, provide a mechanism that allows applications to embed a small but powerful browser component inside. This mechanism is called WebView in Android (it is called different names in other platforms). WebView implements a number of APIs that can be used by applications to inte...
متن کاملCross Site Request Forgery on Android WebView
Android has always been about connectivity and providing great browsing experience. Web-based content can be embedded into the Android application using WebView. It is a User Interface component that displays webpages. It can either display a remote webpage or can also load static HTML data. This encompasses the functionality of a browser that can be integrated to application. WebView provides ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013