Abstract
WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
StatCounter: Mobile operating system market share worldwide. http://gs.statcounter.com/os-market-share/mobile/worldwide. Accessed 2 Apr 2019
Acar, Y., Backes, M., Bugiel, S., Fahl, S., McDaniel, P., Smith, M.: Sok: Lessons learned from android security research for appified software platforms. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 433–451. IEEE (2016)
Hur, J.B., Shamsi, J.A.: A survey on security issues, vulnerabilities and attacks in android based smartphone. In: 2017 International Conference on Information and Communication Technologies (ICICT), pp. 40–46. IEEE (2017). https://doi.org/10.1109/ICICT.2017.8320163
Google: Safe Browsing. https://safebrowsing.google.com/. Accessed 2 Apr 2019
Chin, E., Wagner, D.: Bifocals: analyzing webview vulnerabilities in android applications. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 138–159. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-05149-9_9
Zhu, X., Li, J.: AdCapsule: Practical confinement of advertisements in android applications. In: IEEE Transactions on Dependable and Secure Computing. IEEE (2018). https://doi.org/10.1109/TDSC.2018.2814999
Alan, H.F., Kaur, J.: Can android applications be identified using only TCP/IP headers of their launch time traffic? In: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pp. 61–66. ACM (2016). https://doi.org/10.1145/2939918.2939929
Imamura, Y., Uekawa, H., Ishihara, Y., Sato, M., Yamauchi, T.: Web access monitoring mechanism for android webview. In: Proceedings of the Australasian Computer Science Week Multiconference, pp. 1:1–1:8. ACM (2018). https://doi.org/10.1145/3167918.3167942
Dou, Z., Khalil, I., Khreishah, A., Al-Fuqaha, A., Guizani, M.: Systematization of knowledge (SoK): a systematic review of software-based web phishing detection. IEEE Commun. Surv. Tutor. 19(4), 2797–2819 (2017). https://doi.org/10.1109/COMST.2017.2752087
Lever, C., Kotzias, P., Balzarotti, D., Caballero, J., Antonakakis, M.: A lustrum of malware network communication: evolution and insights. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 788–804. IEEE (2017)
Rüth, J., Zimmermann, T., Wolsing, K., Hohlfeld, O.: Digging into browser-based crypto mining. In: Proceedings of the Internet Measurement Conference 2018, pp. 70–76. ACM (2018). https://doi.org/10.1145/3278532.3278539
Coinhive: Coinhive. https://coinhive.com/. Accessed 3 Dec 2018
Check Point: 2017 Global Cyber Attack Trends Report. https://research.checkpoint.com/cyber-attack-trends-mid-year-report/. Accessed 2 Apr 2019
Segura, J.: Drive-by cryptomining campaign targets millions of Android users. https://blog.malwarebytes.com/threat-analysis/2018/02/drive-by-cryptomining-campaign-attracts-millions-of-android-users/. Accessed 2 Apr 2019
Krebs, B.: Who and what is coinhive? https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/. Accessed 2 Apr 2019
Acknowledgement
The research results have been achieved by “WarpDrive: Web-based Attack Response with Practical and Deployable Research InitiatiVE,” the Commissioned Research of National Institute of Information and Communications Technology (NICT), Japan.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Sato, M., Imamura, Y., Orito, R., Yamauchi, T. (2019). (Short Paper) Method for Preventing Suspicious Web Access in Android WebView. In: Attrapadung, N., Yagi, T. (eds) Advances in Information and Computer Security. IWSEC 2019. Lecture Notes in Computer Science(), vol 11689. Springer, Cham. https://doi.org/10.1007/978-3-030-26834-3_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-26834-3_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26833-6
Online ISBN: 978-3-030-26834-3
eBook Packages: Computer ScienceComputer Science (R0)