WebView is an essential component on both the Android and iOS platforms, enabling smartphone and tablet apps to embed a simple but powerful browser inside them. To achieve better interaction between apps and their embedded "browsers", WebView provides a number of APIs that allow code in apps to invoke, and be invoked by, the JavaScript code within web pages, and to intercept and modify those pages' events. Using these features, apps can become customized "browsers" for their intended web applications. Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. The design of WebView changes the landscape of the Web, especially from the security perspective. Two essential pieces of the Web's security infrastructure are weakened if WebView and its APIs are used: the Trusted Computing Base (TCB) at the client side, and the sandbox protection implemented by browsers. As a result, many attacks can be launched either against apps or by them. The objective of this paper is to present these attacks, analyze their fundamental causes, and discuss potential solutions.