Access Control to Prevent Attacks Exploiting Vulnerabilities of WebView in Android OS

@article{Yu2013AccessCT,
  title={Access Control to Prevent Attacks Exploiting Vulnerabilities of WebView in Android OS},
  author={Jing Yu and Toshihiro Yamauchi},
  journal={2013 IEEE 10th International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing},
  year={2013},
  pages={1628-1633}
}
Android applications that using WebView can load and display web pages. Furthermore, by using the APIs provided in WebView, Android applications can interact with web pages. The interaction allows JavaScript code within the web pages to access resources on the Android device by using the Java object, which is registered into WebView. If this WebView feature were exploited by an attacker, JavaScript code could be used to launch attacks, such as stealing from or tampering personal information in… CONTINUE READING