Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps - Data and Applications Security and Privacy XXXIII
Conference Papers, Year: 2019

Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps

Abstract

Frame Confusion is a vulnerability affecting hybrid applications that allows circumvention of the isolation granted by the Same-Origin Policy. Detection of this vulnerability is still carried out manually by application developers, but the process is error-prone and often underestimated. In this paper, we propose a sound and complete methodology to detect Frame Confusion on Android, as well as a publicly released tool (i.e., FCDroid) that implements this methodology and automatically detects Frame Confusion in hybrid applications. We also discuss an empirical assessment carried out on a set of 50K applications using FCDroid, which revealed that a lot of hybrid applications suffer from Frame Confusion. Finally, we show how to exploit Frame Confusion on a news application to steal the user’s credentials.
Origin: Files produced by the author(s)

Dates and versions

hal-02384600, version 1 (28-11-2019)

Cite

Davide Caputo, Luca Verderame, Simone Aonzo, Alessio Merlo. Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps. 33rd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2019, Charleston, SC, United States. pp.121-139, ⟨10.1007/978-3-030-22479-0_7⟩. ⟨hal-02384600⟩