Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

SU Professor Uncovers Potential Issues with Applications Build for Android Systems

14.10.2011
Wenliang Du, professor of computer science in the L.C. Smith College of Engineering and Computer Science (LCS), has had his paper accepted to be presented at the 27th Annual Computer Security Applications Conference, on potential issues with mobile applications (commonly referred to as apps) written for the Android system using the WebView platform.

Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. With the goal of creating dynamic apps, WebView has enabled developers to embed browsers in their apps allowing users to have a more customized experience that provides opportunities to interact with social media, personal email and other app users. However, Du has discovered that the use of WebView opens app developers and users to potential risks.

There are two major issues addressed in his paper:
Which apps to trust. There are a limited number of web browsers on the Internet (i.e. Firefox, Explorer, Safari, etc.). As a result, users of these browsers can be reasonably assured that they are protected from malicious content. However, WebView allows developers to embed browsers in their apps creating thousands browser applications on mobile platforms and there is no way to determine which apps are trustworthy. Malicious app developers could create apps that steal or modify users’ information in their online accounts, such as Facebook

Dealing with losing the protection of the sandbox. Internet browsers on computers have safeguards, known as the sandbox, that protect user information and prevent personal information from unknowingly being shared throughout the web. As apps have become more dynamic, those safeguards can often impede some of the desired functionality a developer wishes to create. As a result, app developers have slowly begun opening up holes in the protective sandbox to provide a better user experience but as a result user information is no longer as secure.

“In industry, developers are usually carried away by the fancy features they create for their products; they often forget about or underestimate the security problems caused by those features,” says Du. “This has happened many times in the history of computing. The design of WebView in Android is just another example of this.”

Du has submitted a proposal to Google to explore whether there are ways to preserve the nice features of WebView and at the same time make it secure. He and his graduate students are also planning on exploring whether this issue may also affect other smartphone and tablet platforms.

A PhD student, Tongbo Luo, who is currently working with Du on an NSF cybersecurity research grant, had the initial idea to explore weaknesses in the Android system. Luo had taken Du’s courses in computer security and Internet security where students explored both how to identify weaknesses in operating systems and applications as well as how hackers might take advantage of these weaknesses.

Du is passionate about preparing his students to apply the right amount of skepticism to new product introductions. “The goal of both of my security courses is for students to learn take a look at a system or new technology and ask themselves, ‘Is this risky?’”

In spring 2011 both Du and Luo participated in a course on the Android system taught by another LCS professor Heng Yin. As part of this course, Luo chose to explore weaknesses in Android apps that use WebView. Applying lessons from Du’s security courses both Luo and Du were able to uncover the potential risks of this rapidly expanding technology.

Ariel DuChene | EurekAlert!
Further information:
http://www.syr.edu

More articles from Information Technology:

nachricht Construction of practical quantum computers radically simplified
05.12.2016 | University of Sussex

nachricht UT professor develops algorithm to improve online mapping of disaster areas
29.11.2016 | University of Tennessee at Knoxville

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Electron highway inside crystal

Physicists of the University of Würzburg have made an astonishing discovery in a specific type of topological insulators. The effect is due to the structure of the materials used. The researchers have now published their work in the journal Science.

Topological insulators are currently the hot topic in physics according to the newspaper Neue Zürcher Zeitung. Only a few weeks ago, their importance was...

Im Focus: Significantly more productivity in USP lasers

In recent years, lasers with ultrashort pulses (USP) down to the femtosecond range have become established on an industrial scale. They could advance some applications with the much-lauded “cold ablation” – if that meant they would then achieve more throughput. A new generation of process engineering that will address this issue in particular will be discussed at the “4th UKP Workshop – Ultrafast Laser Technology” in April 2017.

Even back in the 1990s, scientists were comparing materials processing with nanosecond, picosecond and femtosesecond pulses. The result was surprising:...

Im Focus: Shape matters when light meets atom

Mapping the interaction of a single atom with a single photon may inform design of quantum devices

Have you ever wondered how you see the world? Vision is about photons of light, which are packets of energy, interacting with the atoms or molecules in what...

Im Focus: Novel silicon etching technique crafts 3-D gradient refractive index micro-optics

A multi-institutional research collaboration has created a novel approach for fabricating three-dimensional micro-optics through the shape-defined formation of porous silicon (PSi), with broad impacts in integrated optoelectronics, imaging, and photovoltaics.

Working with colleagues at Stanford and The Dow Chemical Company, researchers at the University of Illinois at Urbana-Champaign fabricated 3-D birefringent...

Im Focus: Quantum Particles Form Droplets

In experiments with magnetic atoms conducted at extremely low temperatures, scientists have demonstrated a unique phase of matter: The atoms form a new type of quantum liquid or quantum droplet state. These so called quantum droplets may preserve their form in absence of external confinement because of quantum effects. The joint team of experimental physicists from Innsbruck and theoretical physicists from Hannover report on their findings in the journal Physical Review X.

“Our Quantum droplets are in the gas phase but they still drop like a rock,” explains experimental physicist Francesca Ferlaino when talking about the...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

ICTM Conference 2017: Production technology for turbomachine manufacturing of the future

16.11.2016 | Event News

Innovation Day Laser Technology – Laser Additive Manufacturing

01.11.2016 | Event News

#IC2S2: When Social Science meets Computer Science - GESIS will host the IC2S2 conference 2017

14.10.2016 | Event News

 
Latest News

Researchers identify potentially druggable mutant p53 proteins that promote cancer growth

09.12.2016 | Life Sciences

Scientists produce a new roadmap for guiding development & conservation in the Amazon

09.12.2016 | Ecology, The Environment and Conservation

Satellites, airport visibility readings shed light on troops' exposure to air pollution

09.12.2016 | Health and Medicine

VideoLinks
B2B-VideoLinks
More VideoLinks >>>