Abstract
WebView, an Android component that loads and displays web content, has become a focus for attackers as its use grows with the trend toward hybrid application development. Attackers mainly concentrate on abusing the JavaScript interface and accessing native code. Since most developers avoid secure HTTPS connections in order to reduce processing overhead, injection attacks become easy. The attacker looks for JavaScript interface implementations in well-known libraries, such as ad-provider libraries or hybrid application wrapper libraries, and tries to inject code that uses them. This paper presents a low-overhead solution that uses public key cryptography to ensure the integrity of transferred data and thus prevent such attacks.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
K., J., K., P. (2015). A Low Overhead Prevention of Android WebView Abuse Attacks. In: Abawajy, J., Mukherjea, S., Thampi, S., Ruiz-Martínez, A. (eds) Security in Computing and Communications. SSCC 2015. Communications in Computer and Information Science, vol 536. Springer, Cham. https://doi.org/10.1007/978-3-319-22915-7_48
DOI: https://doi.org/10.1007/978-3-319-22915-7_48
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22914-0
Online ISBN: 978-3-319-22915-7
eBook Packages: Computer Science, Computer Science (R0)