Title | Cross-site Scripting Attacks on Android Hybrid Applications |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Bao, Wenying, Yao, Wenbin, Zong, Ming, Wang, Dongbin |
Conference Name | Proceedings of the 2017 International Conference on Cryptography, Security and Privacy |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4867-6 |
Keywords | Cross Site Scripting, Cross Site Scripting (XSS), Cross-site Scripting Attacks, Human Behavior, human factor, human factors, Hybrid Applications, pubcrawl, resilience, Resiliency, Scalability, WebView |
Abstract | Hybrid mobile applications are coded in both standard web languages and a native language. The inclusion of web technologies means that hybrid applications introduce more security risks than traditional web applications, as they have more possible channels through which malicious code can be injected to gain much more powerful privileges. In this paper, cross-site scripting attacks specific to Android hybrid apps developed with the PhoneGap framework are investigated. We find that the XSS vulnerability in hybrid apps makes it possible for attackers to bypass the access control policies of WebView and WebKit and run malicious code in the victim's WebView. With the PhoneGap plugins, the malicious code can steal the user's private information and destroy the user's file system, which is more damaging than cookie stealing. |
URL | http://doi.acm.org/10.1145/3058060.3058076 |
DOI | 10.1145/3058060.3058076 |
Citation Key | bao_cross-site_2017 |