Mobile browsers are beginning to serve as critical enablers of modern computing. With a combination of rich features that rival their desktop counterparts and strong security mechanisms such as TLS/SSL, these mobile browsers are becoming the basis of many other mobile apps. Unfortunately, the security guarantees provided by mobile browsers and the risks associated with today?s mobile web have not been evaluated in great detail. This project investigates the security of mobile browsers, the applications that build on them through APIs such as WebViews and the mobile specific websites they access. This research differs significantly from prior work; whereas previous research has focused largely on stand-alone, third-party applications, our work focuses on mobile browsers and the increasing number of applications using them as their basis for delivering content. Moreover, our work measures the extent to which the mobile web itself is vulnerable. The combination of these efforts aims to create the first longitudinal and principled study of the mobile web ecosystem.
TWC: Small: Collaborative: Characterizing the Security Limitations of Accessing the Mobile Web