Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. With the goal of creating dynamic apps, WebView has enabled developers to embed browsers in their apps allowing users to have a more customized experience that provides opportunities to interact with social media, personal email and other app users. However, Du has discovered that the use of WebView opens app developers and users to potential risks.
Dealing with losing the protection of the sandbox. Internet browsers on computers have safeguards, known as the sandbox, that protect user information and prevent personal information from unknowingly being shared throughout the web. As apps have become more dynamic, those safeguards can often impede some of the desired functionality a developer wishes to create. As a result, app developers have slowly begun opening up holes in the protective sandbox to provide a better user experience but as a result user information is no longer as secure.
“In industry, developers are usually carried away by the fancy features they create for their products; they often forget about or underestimate the security problems caused by those features,” says Du. “This has happened many times in the history of computing. The design of WebView in Android is just another example of this.”
Du has submitted a proposal to Google to explore whether there are ways to preserve the nice features of WebView and at the same time make it secure. He and his graduate students are also planning on exploring whether this issue may also affect other smartphone and tablet platforms.
A PhD student, Tongbo Luo, who is currently working with Du on an NSF cybersecurity research grant, had the initial idea to explore weaknesses in the Android system. Luo had taken Du’s courses in computer security and Internet security where students explored both how to identify weaknesses in operating systems and applications as well as how hackers might take advantage of these weaknesses.
Du is passionate about preparing his students to apply the right amount of skepticism to new product introductions. “The goal of both of my security courses is for students to learn take a look at a system or new technology and ask themselves, ‘Is this risky?’”
In spring 2011 both Du and Luo participated in a course on the Android system taught by another LCS professor Heng Yin. As part of this course, Luo chose to explore weaknesses in Android apps that use WebView. Applying lessons from Du’s security courses both Luo and Du were able to uncover the potential risks of this rapidly expanding technology.
Ariel DuChene | EurekAlert!
Safe glide at total engine failure with ELA-inside
27.02.2017 | FernUniversität in Hagen
Deep Learning predicts hematopoietic stem cell development
21.02.2017 | Helmholtz Zentrum München - Deutsches Forschungszentrum für Gesundheit und Umwelt
On January 15, 2009, Chesley B. Sullenberger was celebrated world-wide: after the two engines had failed due to bird strike, he and his flight crew succeeded after a glide flight with an Airbus A320 in ditching on the Hudson River. All 155 people on board were saved.
On January 15, 2009, Chesley B. Sullenberger was celebrated world-wide: after the two engines had failed due to bird strike, he and his flight crew succeeded...
In the field of nanoscience, an international team of physicists with participants from Konstanz has achieved a breakthrough in understanding heat transport
Cells need to repair damaged DNA in our genes to prevent the development of cancer and other diseases. Our cells therefore activate and send “repair-proteins”...
The Fraunhofer IWS Dresden and Technische Universität Dresden inaugurated their jointly operated Center for Additive Manufacturing Dresden (AMCD) with a festive ceremony on February 7, 2017. Scientists from various disciplines perform research on materials, additive manufacturing processes and innovative technologies, which build up components in a layer by layer process. This technology opens up new horizons for component design and combinations of functions. For example during fabrication, electrical conductors and sensors are already able to be additively manufactured into components. They provide information about stress conditions of a product during operation.
The 3D-printing technology, or additive manufacturing as it is often called, has long made the step out of scientific research laboratories into industrial...
Nature does amazing things with limited design materials. Grass, for example, can support its own weight, resist strong wind loads, and recover after being...
13.02.2017 | Event News
10.02.2017 | Event News
09.02.2017 | Event News
28.02.2017 | Physics and Astronomy
28.02.2017 | Materials Sciences
28.02.2017 | Health and Medicine