English
Related papers

Related papers: Cross Site Request Forgery on Android WebView

200 papers

With the digital breakthrough, smart phones have become very essential component. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential…

Cryptography and Security · Computer Science 2017-09-22 Shweta Bhandari , Wafa Ben Jaballah , Vineeta Jain , Vijay Laxmi , Akka Zemmari , Manoj Singh Gaur , Mohamed Mosbah , Mauro Conti

WebView is a UI widget that helps integrate web applications into the native context of Android apps. It provides powerful mechanisms for bi-directional interactions between the native-end (Java) and the web-end (JavaScript) of an Android…

Software Engineering · Computer Science 2023-06-07 Jiajun Hu , Lili Wei , Yepang Liu , Shing-Chi Cheung

Modern single page web applications require client-side executions of application logic, including critical functionality such as client-side cryptography. Existing mechanisms such as TLS and Subresource Integrity secure the communication…

Cryptography and Security · Computer Science 2024-10-23 Echo Meißner , Frank Kargl , Benjamin Erb

Mobile devices that connect to the Internet via cellular networks are rapidly becoming the primary medium for accessing Web content. Cellular service providers (CSPs) commonly deploy Web proxies and other middleboxes for security,…

Networking and Internet Architecture · Computer Science 2015-11-17 Huijing Zhang , David Choffnes

We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of…

Cryptography and Security · Computer Science 2014-04-08 Michael Backes , Sven Bugiel , Sebastian Gerling , Philipp von Styp-Rekowsky

Android is among the popular platforms running on millions of smart devices, like smartphones and tablets, whose widespread adoption is seen as an opportunity for spreading malware. Adding malicious payloads to cracked applications, often…

Cryptography and Security · Computer Science 2019-03-13 Konstantinos-Panagiotis Grammatikakis , Angela Ioannou , Stavros Shiaeles , Nicholas Kolokotronis

Relying on ubiquitous Internet connectivity, applications on mobile devices frequently perform web requests during their execution. They fetch data for users to interact with, invoke remote functionalities, or send user-generated content or…

Software Engineering · Computer Science 2017-05-22 Marianna Rapoport , Philippe Suter , Erik Wittern , Ondřej Lhoták , Julian Dolby

We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and…

Cryptography and Security · Computer Science 2012-05-01 Yossi Gilad , Amir Herzberg

WebRTC is an API that allows users to share streaming information, whether it is text, sound, video or files. It is supported by all major browsers and has a flexible underlying infrastructure. In this study we review current WebRTC…

Cryptography and Security · Computer Science 2016-01-05 Ben Feher , Lior Sidi , Asaf Shabtai , Rami Puzis

Today, much of our sensitive information is stored inside mobile applications (apps), such as the browsing histories and chatting logs. To safeguard these privacy files, modern mobile systems, notably Android and iOS, use sandboxes to…

Cryptography and Security · Computer Science 2017-02-10 Daoyuan Wu , Rocky K. C. Chang

Web Services are web-based applications made available for web users or remote Web-based programs. In order to promote interoperability, they publish their interfaces in the so-called WSDL file and allow remote call over the network.…

Cryptography and Security · Computer Science 2008-12-23 Azzedine Benameur , Faisal Abdul Kadir , Serge Fenet

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning…

Cryptography and Security · Computer Science 2023-09-14 MD Asibul Hasan , Md. Mijanur Rahman

In recent years, stealthy Android malware has increasingly adopted sophisticated techniques to bypass automatic detection mechanisms and harden manual analysis. Adversaries typically rely on obfuscation, anti-repacking, steganography,…

Cryptography and Security · Computer Science 2026-02-23 Diego Soi , Silvia Lucia Sanna , Lorenzo Pisu , Leonardo Regano , Giorgio Giacinto

Google's Android is a comprehensive software framework for mobile communication devices (i.e., smartphones, PDAs). The Android framework includes an operating system, middleware and a set of key applications. The incorporation of integrated…

Cryptography and Security · Computer Science 2009-12-31 A. Shabtai , Y. Fledel , U. Kanonov , Y. Elovici , S. Dolev

Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid in Google Play Store and…

Cryptography and Security · Computer Science 2020-07-09 Weixian Yao , Yexuan Li , Weiye Lin , Tianhui Hu , Imran Chowdhury , Rahat Masood , Suranga Seneviratne

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may…

Cryptography and Security · Computer Science 2012-05-01 Steffen Bartsch , Karsten Sohr , Michaela Bunke , Oliver Hofrichter , Bernhard Berger

A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a…

Cryptography and Security · Computer Science 2013-03-21 Alexandre Bartel , Jacques Klein , Martin Monperrus , Yves Le Traon

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By…

Cryptography and Security · Computer Science 2016-09-14 Daoyuan Wu , Debin Gao , Yingjiu Li , Robert H. Deng

Device fingerprinting is a widely used technique that allows a third party to identify a particular device. Applications of device fingerprinting include authentication, attacker identification, or software license binding. Device…

Cryptography and Security · Computer Science 2023-09-18 Alberto Fernandez-de-Retana , Igor Santos-Grueiro

Mobile payments have increased significantly in the recent years and one-to-one money transfers are offered by a wide variety of smartphone applications. These applications usually support scan-and-pay -- a technique that allows a payer to…

Cryptography and Security · Computer Science 2019-05-27 Enis Ulqinaku , Julinda Stefa , Alessandro Mei