Netinfo Security ›› 2015, Vol. 15 ›› Issue (10): 61-65.doi: 10.3969/j.issn.1671-1122.2015.10.009

Previous Articles     Next Articles

Research on the Security of Android WebView and Application Enhancement

ZHAO Guang-ze(), LI Hui, MENG Yang   

  1. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received:2015-06-13 Online:2015-10-01 Published:2015-11-04

Abstract:

Android platform provides WebView component to load and display webpage.By calling the APIs provided by WebView, Android applications can interact with the webpage.This interaction includes allowing javascript code in webpage to access the local resources by calling java code in Android applications.In this process, an attacker can tamper with the javascript in webpage to attack Android applications.Based on our research, such attacks usually use the reverse engineering of Android applications to get accessible WebView interface as its first step.Thus, in order to avoid these attacks, this paper proposed an application enhancement scheme to prevent Android reverse engineering and hide WebView component interface in order to protect the Android applications.This scheme can prevent not only attacks on WebView component, but also other attacks based on Android reverse engineering.

Key words: Android, security, WebView, application enhancement

CLC Number: