research-article

Web access monitoring mechanism for Android webview

Authors:

Toshihiro YamauchiAuthors Info & Claims

ACSW '18: Proceedings of the Australasian Computer Science Week Multiconference

Article No.: 1, Pages 1 - 8

https://doi.org/10.1145/3167918.3167942

Published: 29 January 2018 Publication History

Get Access

Abstract

In addition to conventional web browsers, WebView is used to display web content on Android. WebView is a component that enables the display of web content in mobile applications, and is extensively used. As WebView displays web content without having to redirect the user to web browsers, there is the possibility that unauthorized web access may be performed secretly via WebView, and information in Android may be stolen or tampered with. Therefore, it is necessary to monitor and analyze web access via WebView, particularly because attacks exploiting WebView have been reported. However, there is no mechanism for monitoring web access via WebView. In this work, the goals are to monitor web access via WebView and to analyze mobile applications using WebView. To achieve these goals, we propose a web access monitoring mechanism for Android WebView. In this paper, the design and implementation of a mechanism that does not require any modifications to the Android Framework and Linux kernel are presented for the Chromium Android System WebView app. In addition, this paper presents evaluation results for the proposed mechanism.

References

[1]

T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin, Attacks on WebView in the Android system, In Proceedings of the 27th Annual Computer Security Applications Conference. ACM, pp. 343--352, 2011.

Digital Library

Google Scholar

[2]

P. Mutchler, A. Doupé, J. Mitchell, C. Kruegel, and G. Vigna, A Large-Scale Study of Mobile Web App Security, In Proceedings of the Mobile Security Technologies Workshop (MoST), 2015.

Google Scholar

[3]

WebKit, Open Source Browser Engine. https://webkit.org/.

Google Scholar

[4]

The Chromium project, https://www.chromium.org/.

Google Scholar

[5]

The Chromium project, NetworkStack, https://www.chromium.org/developers/design-documents/network-stack/.

Google Scholar

[6]

G. S. Tuncay, S. Demetriou, and C. A. Gunter, Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android, In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, pp. 104--115, 2016.

Digital Library

Google Scholar

[7]

M. Neugschwandtner, M. Lindorfer, and C. Platzer, A View to a Kill: WebView Exploitation, In Proceeding of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2013.

Google Scholar

[8]

T. Luo, W. Du, and Y. Wang, ATTACKS AND COUNTERMEASURES FOR WEBVIEW ON MOBILE SYSTEMS, Ph.D. Dissertation. Syracuse University, 2014.

Google Scholar

[9]

A. B. Bhavani, Cross-site Scripting Attacks on Android WebView, arXiv preprint arXiv:1304.7451, 2013.

Google Scholar

[10]

W. Bao, W. Yao, M. Zong, and D. Wang, Cross-site Scripting Attacks on Android Hybrid Applications, In Proceedings of the 2017 International Conference on Cryptography, Security and Privacy. ACM, pp. 56--61, 2017.

Digital Library

Google Scholar

[11]

S. Son, D. Kim, and V. Shmatikov, What Mobile Ads Know About Mobile Users, In Proceedings of the Network and Distributed System Security Symposium (NDSS 2016), 1--15, 2016.

Crossref

Google Scholar

[12]

N. Kudo, T. Yamauchi, and T. H. Austin, Access Control for Plugins in Cordova-based Hybrid Applications, In the 31st IEEE International Conference on Advanced Information Networking and Applications (AINA-2017), pp. 1063--1069, 2017.

Crossref

Google Scholar

[13]

J. Yu and T. Yamauchi, Access Control to Prevent Malicious JavaScript Code Exploiting Vulnerabilities of WebView in Android OS, IEICE Transactions on Information and Systems, vol. E98-D, no. 4, pp. 807--811, 2015.

Google Scholar

Cited By

View all

Phung PReddy RCap SPierce AMohanty ASridhar M(2020)A multi-party, fine-grained permission and policy enforcement framework for hybrid mobile applicationsJournal of Computer Security10.3233/JCS-191350(1-30)Online publication date: 9-Mar-2020
https://doi.org/10.3233/JCS-191350
Singh AGoyal N(2020)Understanding and Mitigating Threats from Android Hybrid Apps Using Machine Learning2020 IEEE International Conference on Big Data (Big Data)10.1109/BigData50022.2020.9377952(1-9)Online publication date: 10-Dec-2020
https://doi.org/10.1109/BigData50022.2020.9377952
Imamura YOrito RChaikaew KManardo CLeelaprute PSato MYamauchi T(2019)Threat Analysis of Fake Virus Alerts Using WebView Monitor2019 Seventh International Symposium on Computing and Networking (CANDAR)10.1109/CANDAR.2019.00012(28-36)Online publication date: Nov-2019
https://doi.org/10.1109/CANDAR.2019.00012
Show More Cited By

Index Terms

Web access monitoring mechanism for Android webview
1. Security and privacy
  1. Network security
  2. Systems security
    1. Operating systems security
      1. Mobile platform security

Recommendations

ωTest: WebView-Oriented Testing for Android Applications
ISSTA 2023: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

WebView is a UI widget that helps integrate web applications into the native context of Android apps. It provides powerful mechanisms for bi-directional interactions between the native-end (Java) and the web-end (JavaScript) of an Android app. However,...
Web access monitoring mechanism via Android WebView for threat analysis
Abstract
Many Android apps employ WebView, a component that enables the display of web content in the apps without redirecting users to web browser apps. However, WebView might also be used for cyberattacks. Moreover, to the best of our knowledge, although ...
(Short Paper) Method for Preventing Suspicious Web Access in Android WebView
Advances in Information and Computer Security
Abstract
WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is ...

Comments

Information & Contributors

Information

Published In

ACSW '18: Proceedings of the Australasian Computer Science Week Multiconference

January 2018

404 pages

ISBN:9781450354363

DOI:10.1145/3167918

Conference Chair:
David Abramson

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 January 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ACSW 2018

Sponsor:

CORE

ACSW 2018: Australasian Computer Science Week 2018

January 29 - February 2, 2018

Queensland, Brisband, Australia

Acceptance Rates

ACSW '18 Paper Acceptance Rate 49 of 96 submissions, 51%;

Overall Acceptance Rate 204 of 424 submissions, 48%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
205
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)2

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Phung PReddy RCap SPierce AMohanty ASridhar M(2020)A multi-party, fine-grained permission and policy enforcement framework for hybrid mobile applicationsJournal of Computer Security10.3233/JCS-191350(1-30)Online publication date: 9-Mar-2020
https://doi.org/10.3233/JCS-191350
Singh AGoyal N(2020)Understanding and Mitigating Threats from Android Hybrid Apps Using Machine Learning2020 IEEE International Conference on Big Data (Big Data)10.1109/BigData50022.2020.9377952(1-9)Online publication date: 10-Dec-2020
https://doi.org/10.1109/BigData50022.2020.9377952
Imamura YOrito RChaikaew KManardo CLeelaprute PSato MYamauchi T(2019)Threat Analysis of Fake Virus Alerts Using WebView Monitor2019 Seventh International Symposium on Computing and Networking (CANDAR)10.1109/CANDAR.2019.00012(28-36)Online publication date: Nov-2019
https://doi.org/10.1109/CANDAR.2019.00012
Sato MImamura YOrito RYamauchi T(2019)(Short Paper) Method for Preventing Suspicious Web Access in Android WebViewAdvances in Information and Computer Security10.1007/978-3-030-26834-3_14(241-250)Online publication date: 24-Jul-2019
https://doi.org/10.1007/978-3-030-26834-3_14

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

ωTest: WebView-Oriented Testing for Android Applications

Web access monitoring mechanism via Android WebView for threat analysis

(Short Paper) Method for Preventing Suspicious Web Access in Android WebView

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

ωTest: WebView-Oriented Testing for Android Applications

Web access monitoring mechanism via Android WebView for threat analysis

(Short Paper) Method for Preventing Suspicious Web Access in Android WebView

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations