(Short Paper) method for preventing suspicious web access in android WebView

Masaya Sato; Yuta Imamura; Rintaro Orito; Toshihiro Yamauchi

doi:10.1007/978-3-030-26834-3_14

(Short Paper) method for preventing suspicious web access in android WebView

Masaya Sato, Yuta Imamura, Rintaro Orito, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.

Original language	English
Title of host publication	Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings
Editors	Nuttapong Attrapadung, Takeshi Yagi
Publisher	Springer Verlag
Pages	241-250
Number of pages	10
ISBN (Print)	9783030268336
DOIs	https://doi.org/10.1007/978-3-030-26834-3_14
Publication status	Published - Jan 1 2019
Event	14th International Workshop on Security, IWSEC 2019 - Tokyo, Japan Duration: Aug 28 2019 → Aug 30 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11689 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Workshop on Security, IWSEC 2019
Country	Japan
City	Tokyo
Period	8/28/19 → 8/30/19

Fingerprint

Keywords

Android
Content blocking
HTTP communication
Web access
WebView

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Cite this

Sato, M., Imamura, Y., Orito, R., & Yamauchi, T. (2019). (Short Paper) method for preventing suspicious web access in android WebView. In N. Attrapadung, & T. Yagi (Eds.), Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings (pp. 241-250). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11689 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-26834-3_14

(Short Paper) method for preventing suspicious web access in android WebView. / Sato, Masaya; Imamura, Yuta; Orito, Rintaro; Yamauchi, Toshihiro.

Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. ed. / Nuttapong Attrapadung; Takeshi Yagi. Springer Verlag, 2019. p. 241-250 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11689 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sato, M, Imamura, Y, Orito, R & Yamauchi, T 2019, (Short Paper) method for preventing suspicious web access in android WebView. in N Attrapadung & T Yagi (eds), Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11689 LNCS, Springer Verlag, pp. 241-250, 14th International Workshop on Security, IWSEC 2019, Tokyo, Japan, 8/28/19. https://doi.org/10.1007/978-3-030-26834-3_14

Sato M, Imamura Y, Orito R, Yamauchi T. (Short Paper) method for preventing suspicious web access in android WebView. In Attrapadung N, Yagi T, editors, Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. Springer Verlag. 2019. p. 241-250. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-26834-3_14

Sato, Masaya ; Imamura, Yuta ; Orito, Rintaro ; Yamauchi, Toshihiro. / (Short Paper) method for preventing suspicious web access in android WebView. Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. editor / Nuttapong Attrapadung ; Takeshi Yagi. Springer Verlag, 2019. pp. 241-250 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8243826201094affbd21958ae55e203b,

title = "(Short Paper) method for preventing suspicious web access in android WebView",

abstract = "WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.",

keywords = "Android, Content blocking, HTTP communication, Web access, WebView",

author = "Masaya Sato and Yuta Imamura and Rintaro Orito and Toshihiro Yamauchi",

year = "2019",

month = jan,

day = "1",

doi = "10.1007/978-3-030-26834-3_14",

language = "English",

isbn = "9783030268336",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "241--250",

editor = "Nuttapong Attrapadung and Takeshi Yagi",

booktitle = "Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings",

note = "14th International Workshop on Security, IWSEC 2019 ; Conference date: 28-08-2019 Through 30-08-2019",

}

TY - GEN

T1 - (Short Paper) method for preventing suspicious web access in android WebView

AU - Sato, Masaya

AU - Imamura, Yuta

AU - Orito, Rintaro

AU - Yamauchi, Toshihiro

PY - 2019/1/1

Y1 - 2019/1/1

N2 - WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.

AB - WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.

KW - Android

KW - Content blocking

KW - HTTP communication

KW - Web access

KW - WebView

UR - http://www.scopus.com/inward/record.url?scp=85071501635&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071501635&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-26834-3_14

DO - 10.1007/978-3-030-26834-3_14

M3 - Conference contribution

AN - SCOPUS:85071501635

SN - 9783030268336

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 241

EP - 250

BT - Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings

A2 - Attrapadung, Nuttapong

A2 - Yagi, Takeshi

PB - Springer Verlag

T2 - 14th International Workshop on Security, IWSEC 2019

Y2 - 28 August 2019 through 30 August 2019

ER -

Access to Document

10.1007/978-3-030-26834-3_14