English
Related papers

Related papers: Cross-site Scripting Attacks on Android WebView

200 papers

Web Services are web-based applications made available for web users or remote Web-based programs. In order to promote interoperability, they publish their interfaces in the so-called WSDL file and allow remote call over the network.…

Cryptography and Security · Computer Science 2008-12-23 Azzedine Benameur , Faisal Abdul Kadir , Serge Fenet

Mini-programs, an emerging mobile application paradigm within super-apps, offer a seamless and installation-free experience. However, the adoption of the web-view component has disrupted their isolation mechanisms, exposing new attack…

Cryptography and Security · Computer Science 2025-10-29 Miao Zhang , Shenao Wang , Guilin Zheng , Yanjie Zhao , Haoyu Wang

Service Workers (SWs) are a powerful feature at the core of Progressive Web Apps, namely web applications that can continue to function when the user's device is offline and that have access to device sensors and capabilities previously…

Cryptography and Security · Computer Science 2024-09-02 Karthika Subramani , Jordan Jueckstock , Alexandros Kapravelos , Roberto Perdisci

The increasing reliance on web services has led to a rise in cybersecurity threats, particularly Cross-Site Scripting (XSS) attacks, which target client-side layers of web applications by injecting malicious scripts. Traditional Web…

Cryptography and Security · Computer Science 2025-04-14 Vahid Babaey , Arun Ravindran

WebView applications are widely used in mobile applications to display web content directly within the app, enhancing user engagement by eliminating the need to open an external browser and providing a seamless experience. Progressive Web…

Cryptography and Security · Computer Science 2025-08-12 Sajib Talukder , Nur Imtiazul Haque , Khandakar Ashrafi Akbar

Computing platforms such as smartphones frequently access Web content using many separate applications rather than a single Web browser application. These applications often deal with sensitive user information such as financial data or…

Cryptography and Security · Computer Science 2014-10-29 Vasant Tendulkar , William Enck

Web communication has become an indispensable characteristic of mobile apps. However, it is not clear what data the apps transmit, to whom, and what consequences such transmissions have. We analyzed the web communications found in mobile…

Cryptography and Security · Computer Science 2020-06-03 Pascal Gadient , Mohammad Ghafari , Marc-Andrea Tarnutzer , Oscar Nierstrasz

Numerous studies demonstrated that browser fingerprinting is detrimental to users' security and privacy. However, little is known about the effects of browser fingerprinting on Android hybrid apps -- where a stripped-down Chromium browser…

Cryptography and Security · Computer Science 2022-08-04 Abhishek Tiwari , Jyoti Prakash , Alimerdan Rahimov , Christian Hammer

We demonstrate how AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks. Prompt injection is reminiscent of cross-site scripting (XSS): malicious text is hidden within seemingly trusted content,…

Cryptography and Security · Computer Science 2025-11-18 Víctor Mayoral-Vilches , Per Mannermaa Rynning

Cross-Site Scripting (XSS) is a prevalent and well known security problem in web applications. Numerous methods to automatically analyze and detect these vulnerabilities exist. However, all of these methods require that either code or…

Cryptography and Security · Computer Science 2025-02-23 Robin Kirchner , Jonas Möller , Marius Musch , David Klein , Konrad Rieck , Martin Johns

Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android…

Cryptography and Security · Computer Science 2022-08-24 Amirhosein Sayyadabdi , Behrouz Tork Ladani , Bahman Zamani

This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our…

Cryptography and Security · Computer Science 2015-05-05 Lucky Onwuzurike , Emiliano De Cristofaro

Mobile applications, particularly those from social media platforms such as WeChat and TikTok, are evolving into "super apps" that offer a wide range of services such as instant messaging and media sharing, e-commerce, e-learning, and…

Cryptography and Security · Computer Science 2023-06-16 Chao Wang , Yue Zhang , Zhiqiang Lin

We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and…

Cryptography and Security · Computer Science 2012-05-01 Yossi Gilad , Amir Herzberg

Detection and mitigation of critical web vulnerabilities and attacks like cross-site scripting (XSS), and cross-site request forgery (CSRF) have been a great concern in the field of web security. Such web attacks are evolving and becoming…

Cryptography and Security · Computer Science 2023-05-01 Mahnoor Shahid

The global rise of online users and online devices has ultimately given rise to the global internet population apart from several cybercrimes and cyberattacks. The combination of emerging new technology and powerful algorithms (of…

Cryptography and Security · Computer Science 2024-02-05 Naresh Kshetri , Dilip Kumar , James Hutson , Navneet Kaur , Omar Faruq Osama

A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a…

Cryptography and Security · Computer Science 2013-03-21 Alexandre Bartel , Jacques Klein , Martin Monperrus , Yves Le Traon

Android allows apps to communicate with its system services via system service helpers so that these apps can use various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce…

Cryptography and Security · Computer Science 2022-03-25 Yi He , Yacong Gu , Purui Su , Kun Sun , Yajin Zhou , Zhi Wang , Qi Li

WebView is a UI widget that helps integrate web applications into the native context of Android apps. It provides powerful mechanisms for bi-directional interactions between the native-end (Java) and the web-end (JavaScript) of an Android…

Software Engineering · Computer Science 2023-06-07 Jiajun Hu , Lili Wei , Yepang Liu , Shing-Chi Cheung

We present XSnare, a fully client-side XSS solution, implemented as a Firefox extension. Our approach takes advantage of available previous knowledge of a web application's HTML template content, as well as the rich context available in the…

Cryptography and Security · Computer Science 2020-05-19 Jose Carlos Pazos , Jean-Sebastien Legare , Ivan Beschastnikh , William Aiello