Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

SU Professor Uncovers Potential Issues with Applications Build for Android Systems

14.10.2011
Wenliang Du, professor of computer science in the L.C. Smith College of Engineering and Computer Science (LCS), has had his paper accepted to be presented at the 27th Annual Computer Security Applications Conference, on potential issues with mobile applications (commonly referred to as apps) written for the Android system using the WebView platform.

Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. With the goal of creating dynamic apps, WebView has enabled developers to embed browsers in their apps allowing users to have a more customized experience that provides opportunities to interact with social media, personal email and other app users. However, Du has discovered that the use of WebView opens app developers and users to potential risks.

There are two major issues addressed in his paper:
Which apps to trust. There are a limited number of web browsers on the Internet (i.e. Firefox, Explorer, Safari, etc.). As a result, users of these browsers can be reasonably assured that they are protected from malicious content. However, WebView allows developers to embed browsers in their apps creating thousands browser applications on mobile platforms and there is no way to determine which apps are trustworthy. Malicious app developers could create apps that steal or modify users’ information in their online accounts, such as Facebook

Dealing with losing the protection of the sandbox. Internet browsers on computers have safeguards, known as the sandbox, that protect user information and prevent personal information from unknowingly being shared throughout the web. As apps have become more dynamic, those safeguards can often impede some of the desired functionality a developer wishes to create. As a result, app developers have slowly begun opening up holes in the protective sandbox to provide a better user experience but as a result user information is no longer as secure.

“In industry, developers are usually carried away by the fancy features they create for their products; they often forget about or underestimate the security problems caused by those features,” says Du. “This has happened many times in the history of computing. The design of WebView in Android is just another example of this.”

Du has submitted a proposal to Google to explore whether there are ways to preserve the nice features of WebView and at the same time make it secure. He and his graduate students are also planning on exploring whether this issue may also affect other smartphone and tablet platforms.

A PhD student, Tongbo Luo, who is currently working with Du on an NSF cybersecurity research grant, had the initial idea to explore weaknesses in the Android system. Luo had taken Du’s courses in computer security and Internet security where students explored both how to identify weaknesses in operating systems and applications as well as how hackers might take advantage of these weaknesses.

Du is passionate about preparing his students to apply the right amount of skepticism to new product introductions. “The goal of both of my security courses is for students to learn take a look at a system or new technology and ask themselves, ‘Is this risky?’”

In spring 2011 both Du and Luo participated in a course on the Android system taught by another LCS professor Heng Yin. As part of this course, Luo chose to explore weaknesses in Android apps that use WebView. Applying lessons from Du’s security courses both Luo and Du were able to uncover the potential risks of this rapidly expanding technology.

Ariel DuChene | EurekAlert!
Further information:
http://www.syr.edu

More articles from Information Technology:

nachricht Fraunhofer FIT announces CloudTeams collaborative software development platform – join it for free
10.01.2017 | Fraunhofer-Institut für Angewandte Informationstechnik FIT

nachricht Electron-photon small-talk could have big impact on quantum computing
23.12.2016 | Princeton University

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Designing Architecture with Solar Building Envelopes

Among the general public, solar thermal energy is currently associated with dark blue, rectangular collectors on building roofs. Technologies are needed for aesthetically high quality architecture which offer the architect more room for manoeuvre when it comes to low- and plus-energy buildings. With the “ArKol” project, researchers at Fraunhofer ISE together with partners are currently developing two façade collectors for solar thermal energy generation, which permit a high degree of design flexibility: a strip collector for opaque façade sections and a solar thermal blind for transparent sections. The current state of the two developments will be presented at the BAU 2017 trade fair.

As part of the “ArKol – development of architecturally highly integrated façade collectors with heat pipes” project, Fraunhofer ISE together with its partners...

Im Focus: How to inflate a hardened concrete shell with a weight of 80 t

At TU Wien, an alternative for resource intensive formwork for the construction of concrete domes was developed. It is now used in a test dome for the Austrian Federal Railways Infrastructure (ÖBB Infrastruktur).

Concrete shells are efficient structures, but not very resource efficient. The formwork for the construction of concrete domes alone requires a high amount of...

Im Focus: Bacterial Pac Man molecule snaps at sugar

Many pathogens use certain sugar compounds from their host to help conceal themselves against the immune system. Scientists at the University of Bonn have now, in cooperation with researchers at the University of York in the United Kingdom, analyzed the dynamics of a bacterial molecule that is involved in this process. They demonstrate that the protein grabs onto the sugar molecule with a Pac Man-like chewing motion and holds it until it can be used. Their results could help design therapeutics that could make the protein poorer at grabbing and holding and hence compromise the pathogen in the host. The study has now been published in “Biophysical Journal”.

The cells of the mouth, nose and intestinal mucosa produce large quantities of a chemical called sialic acid. Many bacteria possess a special transport system...

Im Focus: Newly proposed reference datasets improve weather satellite data quality

UMD, NOAA collaboration demonstrates suitability of in-orbit datasets for weather satellite calibration

"Traffic and weather, together on the hour!" blasts your local radio station, while your smartphone knows the weather halfway across the world. A network of...

Im Focus: Repairing defects in fiber-reinforced plastics more efficiently

Fiber-reinforced plastics (FRP) are frequently used in the aeronautic and automobile industry. However, the repair of workpieces made of these composite materials is often less profitable than exchanging the part. In order to increase the lifetime of FRP parts and to make them more eco-efficient, the Laser Zentrum Hannover e.V. (LZH) and the Apodius GmbH want to combine a new measuring device for fiber layer orientation with an innovative laser-based repair process.

Defects in FRP pieces may be production or operation-related. Whether or not repair is cost-effective depends on the geometry of the defective area, the tools...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

12V, 48V, high-voltage – trends in E/E automotive architecture

10.01.2017 | Event News

2nd Conference on Non-Textual Information on 10 and 11 May 2017 in Hannover

09.01.2017 | Event News

Nothing will happen without batteries making it happen!

05.01.2017 | Event News

 
Latest News

Solar Collectors from Ultra-High Performance Concrete Combine Energy Efficiency and Aesthetics

16.01.2017 | Trade Fair News

3D scans for the automotive industry

16.01.2017 | Automotive Engineering

Nanoparticle Exposure Can Awaken Dormant Viruses in the Lungs

16.01.2017 | Life Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>