TY - GEN
T1 - (Short Paper) method for preventing suspicious web access in android WebView
AU - Sato, Masaya
AU - Imamura, Yuta
AU - Orito, Rintaro
AU - Yamauchi, Toshihiro
N1 - Funding Information:
The research results have been achieved by ?WarpDrive: Web-based Attack Response with Practical and Deployable Research InitiatiVE,? the Commissioned Research of National Institute of Information and Communications Technology (NICT), Japan.
Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
N2 - WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.
AB - WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.
KW - Android
KW - Content blocking
KW - HTTP communication
KW - Web access
KW - WebView
UR - http://www.scopus.com/inward/record.url?scp=85071501635&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85071501635&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-26834-3_14
DO - 10.1007/978-3-030-26834-3_14
M3 - Conference contribution
AN - SCOPUS:85071501635
SN - 9783030268336
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 241
EP - 250
BT - Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Proceedings
A2 - Attrapadung, Nuttapong
A2 - Yagi, Takeshi
PB - Springer Verlag
T2 - 14th International Workshop on Security, IWSEC 2019
Y2 - 28 August 2019 through 30 August 2019
ER -