(Short Paper) method for preventing suspicious web access in android WebView

Masaya Sato, Yuta Imamura, Rintaro Orito, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.

Original languageEnglish
Title of host publicationAdvances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings
EditorsNuttapong Attrapadung, Takeshi Yagi
PublisherSpringer Verlag
Pages241-250
Number of pages10
ISBN (Print)9783030268336
DOIs
Publication statusPublished - Jan 1 2019
Event14th International Workshop on Security, IWSEC 2019 - Tokyo, Japan
Duration: Aug 28 2019Aug 30 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11689 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference14th International Workshop on Security, IWSEC 2019
CountryJapan
CityTokyo
Period8/28/198/30/19

Fingerprint

HTTP
World Wide Web
Web browsers
Miners
Communication
Browsing
Websites
Monitor

Keywords

  • Android
  • Content blocking
  • HTTP communication
  • Web access
  • WebView

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Sato, M., Imamura, Y., Orito, R., & Yamauchi, T. (2019). (Short Paper) method for preventing suspicious web access in android WebView. In N. Attrapadung, & T. Yagi (Eds.), Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings (pp. 241-250). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11689 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-26834-3_14

(Short Paper) method for preventing suspicious web access in android WebView. / Sato, Masaya; Imamura, Yuta; Orito, Rintaro; Yamauchi, Toshihiro.

Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. ed. / Nuttapong Attrapadung; Takeshi Yagi. Springer Verlag, 2019. p. 241-250 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11689 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Sato, M, Imamura, Y, Orito, R & Yamauchi, T 2019, (Short Paper) method for preventing suspicious web access in android WebView. in N Attrapadung & T Yagi (eds), Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11689 LNCS, Springer Verlag, pp. 241-250, 14th International Workshop on Security, IWSEC 2019, Tokyo, Japan, 8/28/19. https://doi.org/10.1007/978-3-030-26834-3_14
Sato M, Imamura Y, Orito R, Yamauchi T. (Short Paper) method for preventing suspicious web access in android WebView. In Attrapadung N, Yagi T, editors, Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. Springer Verlag. 2019. p. 241-250. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-26834-3_14
Sato, Masaya ; Imamura, Yuta ; Orito, Rintaro ; Yamauchi, Toshihiro. / (Short Paper) method for preventing suspicious web access in android WebView. Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings. editor / Nuttapong Attrapadung ; Takeshi Yagi. Springer Verlag, 2019. pp. 241-250 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{8243826201094affbd21958ae55e203b,
title = "(Short Paper) method for preventing suspicious web access in android WebView",
abstract = "WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.",
keywords = "Android, Content blocking, HTTP communication, Web access, WebView",
author = "Masaya Sato and Yuta Imamura and Rintaro Orito and Toshihiro Yamauchi",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-26834-3_14",
language = "English",
isbn = "9783030268336",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "241--250",
editor = "Nuttapong Attrapadung and Takeshi Yagi",
booktitle = "Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings",

}

TY - GEN

T1 - (Short Paper) method for preventing suspicious web access in android WebView

AU - Sato, Masaya

AU - Imamura, Yuta

AU - Orito, Rintaro

AU - Yamauchi, Toshihiro

PY - 2019/1/1

Y1 - 2019/1/1

N2 - WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.

AB - WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.

KW - Android

KW - Content blocking

KW - HTTP communication

KW - Web access

KW - WebView

UR - http://www.scopus.com/inward/record.url?scp=85071501635&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071501635&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-26834-3_14

DO - 10.1007/978-3-030-26834-3_14

M3 - Conference contribution

SN - 9783030268336

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 241

EP - 250

BT - Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings

A2 - Attrapadung, Nuttapong

A2 - Yagi, Takeshi

PB - Springer Verlag

ER -