
Attacks And Defense Mechanisms On WebView In The Android System

Posted on: 2015-09-24
Degree: Master
Type: Thesis
Country: China
Candidate: P You
GTID: 2298330431464161
Subject: Cryptography

Abstract/Summary:
On both the Android and iOS platforms, WebView is a very important component. By using WebView, tablet and smartphone apps can embed a very powerful but simple browser inside them. WebView provides a series of APIs to achieve better interaction between apps and their embedded “browsers”. These APIs allow an app's Java code to invoke a web page's JavaScript code and to intercept and modify its events; the reverse is also possible. Using these API features, apps can become dedicated browsers for their intended web applications. Currently, in the Android market, among the top 20 highest-rated apps in 10 diverse categories, almost 90% use WebView.

The design of WebView changes the landscape of the Web, especially in the area of security. Because of the use of WebView and its APIs, two basic aspects of the Web's security infrastructure are weakened: the Trusted Computing Base (TCB) at the client side, and the sandbox protection implemented by browsers. We classify these APIs into two categories: web-based APIs and UI-based APIs. We study attack cases that use these APIs. We then study the fundamental reasons that make these attacks possible and formulate a universal model called the container threat model. We hold that the attacks are feasible because of the system's failure to protect visual integrity. From this angle, we study the existing countermeasures and propose a universal approach: developing a Trusted Display Base (TDB) to solve this problem.

We transfer the lost visual information to users by using a side channel. From the point of view of access control, we use the dynamic binding policy model to make sure that the server can enforce different restrictive measures based on different client-side scenarios.

The contributions of our work are the following:
1. We analyze and summarize the attacks based on WebView.
2. We formulate the container threat model and try to solve this attack model on the Android platform.
3. We transfer the lost visual information to users by using a side channel, and propose a new type of dynamic binding policy model to defeat attacks on visual integrity on the Android platform.
Keywords/Search Tags:android, webview, visual integrity, container threat model