![]() ![]() Moreover, previous studies have reported attacks exploiting WebView and presented countermeasures against these attacks. Therein lies the difference between web browsers and WebView.Īlthough WebView can use only Google Safe Browsing, this measure alone is not enough to protect web access via WebView, especially from fake virus alerts, which use malvertising to redirect the users to web pages and scam the users into installing the suspicious Android app. Therefore, when Android app developers develop an app without considering the security, attackers may exploit the security vulnerabilities of the app to target innocent users. The implementation of WebView depends on Android app developers, and most Android apps that use WebView are not developed by recognized companies their trustworthiness is therefore not guaranteed. In the Android app store managed by Google, WebView was used by approximately 86% of Android apps as of 2011 and 85% of Android apps as of June 2014. Many Android apps use WebView to display webpages and advertisements inside the apps. On the other hand, the use of WebView depends on Android app developers, which differs from use of the web browser app. Additionally, a conventional web browser app can use plugins and its own security function, indicating that it can protect web access via the conventional web browser app. They are developed by recognized companies that can be trusted. ![]() Web browser apps or embedded browsers (e.g., WebView) are used for browsing web pages on Android devices. Thus, it is necessary to take preventive measures on mobile devices against these attacks. In addition, the attacks on mobile devices mostly use scamming strategies, whereas the attacks on PCs infect them with malware directly (i.e., drive-by-download). It is assumed that mobile malware authors have set their sights firmly on monetization. Moreover, the Google Play Store can also be under attack, especially in the form of ad click frauds, which is the most common scam targeting users. The methods of infiltrating Android devices with malware include malvertising and scams. Although it took 20 years to reach two million malware samples on the personal computer (PC) environment, it took only 5 years to reach the same number of samples on mobile devices. In addition, as mobile devices have become more popular, mobile web browsing has surpassed desktop browser use and the number of mobile malware cases has increased. Android devices have held the biggest share in the global smartphone market since 2011. Mobile devices (e.g., smartphones) have been widely used around the world for many years now. Moreover, the result of threat analysis of displaying a fake virus alert while browsing websites on Android is discussed to demonstrate the effectiveness of the proposed mechanism. The evaluation results of the performance achieved on introducing the proposed mechanism are also presented here. In this paper, we present the design and implementation of this mechanism by modifying Chromium WebView without any modifications to the Android framework or Linux kernel. In consideration of this limitation, we propose a web access monitoring mechanism for Android WebView to analyze web access via WebView and clarify attacks exploiting WebView. Moreover, to the best of our knowledge, although some countermeasures based on access control have been reported for attacks exploiting WebView, no mechanism for monitoring web access via WebView has been proposed and no analysis results focusing on web access via WebView are available. However, WebView might also be used for cyberattacks. Many Android apps employ WebView, a component that enables the display of web content in the apps without redirecting users to web browser apps. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |