Web access monitoring mechanism via Android WebView for threat analysis-Reference-Cited by-同舟云学术

Web access monitoring mechanism via Android WebView for threat analysis

Published:2021-01-19 Issue:6 Volume:20 Page:833-847
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Imamura Yuta,Orito Rintaro,Uekawa Hiroyuki,Chaikaew Kritsana,Leelaprute Pattara,Sato Masaya,Yamauchi Toshihiro^ORCID

Abstract

AbstractMany Android apps employ WebView, a component that enables the display of web content in the apps without redirecting users to web browser apps. However, WebView might also be used for cyberattacks. Moreover, to the best of our knowledge, although some countermeasures based on access control have been reported for attacks exploiting WebView, no mechanism for monitoring web access via WebView has been proposed and no analysis results focusing on web access via WebView are available. In consideration of this limitation, we propose a web access monitoring mechanism for Android WebView to analyze web access via WebView and clarify attacks exploiting WebView. In this paper, we present the design and implementation of this mechanism by modifying Chromium WebView without any modifications to the Android framework or Linux kernel. The evaluation results of the performance achieved on introducing the proposed mechanism are also presented here. Moreover, the result of threat analysis of displaying a fake virus alert while browsing websites on Android is discussed to demonstrate the effectiveness of the proposed mechanism.

Funder

National Institute of Information and Communications Technology

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-020-00534-3.pdf

Reference21 articles.

1. Wikipedia: Android (operating system). https://en.wikipedia.org/wiki/Android$$\_$$\$operating$$\_$$system)#Market$$\_$$share\$ (2019). Accessed 24 Dec 2019

2. Mobile Threat Report: McAfee Mobile Threat Report Q1, 2018. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2018.pdf (2018). Accessed 4 June 2019

3. Wandera: Android Malware: 4 Ways Hackers are Infecting Phones with Viruses. https://www.wandera.com/malware-on-android/ (2018). Accessed 4 June 2019

4. Luo, T., Hao, H., Du, W., Wang, Y., Yin, H.: Attacks on WebView in the Android system. In: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC’11), pp. 343–352 (2011)

5. Mutchler, P., Doupé, A., Mitchell, J., Kruegel, C., Vigna, G.: A large-scale study of mobile Web App security. In: Proceedings of the Mobile Security Technologies Workshop (MoST’15) (2015)

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. CrowdFunding Application For Waqf Donation;2021 4th International Conference of Computer and Informatics Engineering (IC2IE);2021-09-14