Web access monitoring mechanism for Android webview

In addition to conventional web browsers, WebView is used to display web content on Android. WebView is a component that enables the display of web content in mobile applications, and is extensively used. As WebView displays web content without having to redirect the user to web browsers, there is the possibility that unauthorized web access may be performed secretly via Web-View, and information in Android may be stolen or tampered with. Therefore, it is necessary to monitor and analyze web access via WebView, particularly because attacks exploiting WebView have been reported. However, there is no mechanism for monitoring web access viaWebView. In this work, the goals are to monitor web access via WebView and to analyze mobile applications using Web-View. To achieve these goals, we propose a web access monitoring mechanism for Android WebView. In this paper, the design and implementation of a mechanism that does not require any modifications to the Android Framework and Linux kernel are presented for the Chromium Android System WebView app. In addition, this paper presents evaluation results for the proposed mechanism

Attacks on WebView in the Android System

WebView is an essential component in both Android and iOS platforms, enabling smartphone and tablet apps to embed a simple but powerful browser inside them. To achieve a better interaction between apps and their embedded\browsers , WebView provides a number of APIs, allowing code in apps to invoke and be invoked by the JavaScript code within the web pages, intercept their events, and modify those events. Using these features, apps can become customized \browsers for their intended web applications. Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. The design ofWebView changes the landscape of theWeb, especially from the security perspective. Two essential pieces of the Web\u27s security infrastructure are weakened if Web- View and its APIs are used: the Trusted Computing Base (TCB) at the client side, and the sandbox protection implemented by browsers. As results, many attacks can be launched either against apps or by them. The objective of this paper is to present these attacks, analyze their fundamental causes, and discuss potential solutions

AdSplit: Separating smartphone advertising from applications

A wide variety of smartphone applications today rely on third-party advertising services, which provide libraries that are linked into the hosting application. This situation is undesirable for both the application author and the advertiser. Advertising libraries require additional permissions, resulting in additional permission requests to users. Likewise, a malicious application could simulate the behavior of the advertising library, forging the user's interaction and effectively stealing money from the advertiser. This paper describes AdSplit, where we extended Android to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries. We also leverage mechanisms from Quire to allow the remote server to validate the authenticity of client-side behavior. In this paper, we quantify the degree of permission bloat caused by advertising, with a study of thousands of downloaded apps. AdSplit automatically recompiles apps to extract their ad services, and we measure minimal runtime overhead. We also observe that most ad libraries just embed an HTML widget within and describe how AdSplit can be designed with this in mind to avoid any need for ads to have native code

Ghera: A Repository of Android App Vulnerability Benchmarks

Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of Android platform due to openness and ubiquitousness of the platform. Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can be used to rigorously evaluate both existing and new vulnerability detection techniques and help developers learn about Android app vulnerabilities. In this paper, we describe Ghera, an open source repository of benchmarks that capture 25 known vulnerabilities in Android apps (as pairs of exploited/benign and exploiting/malicious apps). We also present desirable characteristics of vulnerability benchmarks and repositories that we uncovered while creating Ghera.Comment: 10 pages. Accepted at PROMISE'1

Analyzing Android Browser Apps for file:// Vulnerabilities

Securing browsers in mobile devices is very challenging, because these browser apps usually provide browsing services to other apps in the same device. A malicious app installed in a device can potentially obtain sensitive information through a browser app. In this paper, we identify four types of attacks in Android, collectively known as FileCross, that exploits the vulnerable file:// to obtain users' private files, such as cookies, bookmarks, and browsing histories. We design an automated system to dynamically test 115 browser apps collected from Google Play and find that 64 of them are vulnerable to the attacks. Among them are the popular Firefox, Baidu and Maxthon browsers, and the more application-specific ones, including UC Browser HD for tablet users, Wikipedia Browser, and Kids Safe Browser. A detailed analysis of these browsers further shows that 26 browsers (23%) expose their browsing interfaces unintentionally. In response to our reports, the developers concerned promptly patched their browsers by forbidding file:// access to private file zones, disabling JavaScript execution in file:// URLs, or even blocking external file:// URLs. We employ the same system to validate the ten patches received from the developers and find one still failing to block the vulnerability.Comment: The paper has been accepted by ISC'14 as a regular paper (see https://daoyuan14.github.io/). This is a Technical Report version for referenc

Security Code Smells in Android ICC

Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the IDE about the presence of such smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of the apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.Comment: Accepted on 28 Nov 2018, Empirical Software Engineering Journal (EMSE), 201

When Web Meets Mobile: Novel Security Threats and Defenses in Web/Mobile Hybrid Apps

Nowadays, mobile app developers are enjoying the benefits of the amalgamation of web and mobile platforms. Developers can easily and smoothly integrate all sorts of web services in their mobile apps by embedding a browser-like UI component, called “WebView”, which can render web content and run JavaScript code within mobile apps (call hybrid apps for convenience). WebView is easy to use and popular. A recent study showed ~80% of Android apps used WebView. WebView is also as powerful as regular browsers (e.g., Chrome/Chromium), and well supports web features and behaviors. In regular browsers, there exist several sensitive web behaviors that are often the root reason of critical security issues. In past years, they have been well studied, and a variety of mature defense solutions have been deployed. However, these sensitive web behaviors are seldom understood and scrutinized in WebView, which provides a totally new working environment. Different from regular browsers, WebView offers mobile developers freedom to customize their WebView instances by enabling several unique programming features. For example, WebView allows mobile code to control and customize web behaviors through WebView setting and event handler APIs. Considering these WebView features may heavily impact above sensitive web behaviors, it is unclear whether the corresponding defense solutions are still effective in WebView. Motivated by above security concerns, in this dissertation, we conduct the systematic security study of several sensitive web behaviors (e.g., web events, web messaging, and the utilization of iframes and popups) in WebView of the Android platform, which is open and the biggest mobile operating system (OS). As a consequence, we discover several novel security vulnerabilities and fundamental design flaws. To demonstrate the security implications, we devise several concrete attacks. Through these attacks, untrusted code (e.g., ads) loaded in WebView can open holes on existing defense solutions, and obtain risky privileges and abilities, such as stealing users’ private data (e.g., GPS location), unauthorizedly accessing sensitive hardware (e.g., microphone), and performing phishing attacks. Then, we study and assess the security impacts of these security issues on real-world hybrid apps. For this purpose, we develop novel tools that can automatically apply program analysis techniques to vet Android apps. By analyzing a large number of most popular apps collected from the official Android marketplace, we find the vulnerabilities are prevalent. Many high-profile apps are verified to be impacted, such as Facebook, Instagram, Facebook Messenger, Google News, Skype, Uber, Yelp, and U.S. Bank. To mitigate these security issues from the root, we design multi-level defense solutions that enhance the security of WebView. Our evaluation on real-world apps shows our mitigation solutions are effective and scalable, with negligible overhead

The Transitivity of Trust Problem in the Interaction of Android Applications

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future