Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. With the goal of creating dynamic apps, WebView has enabled developers to embed browsers in their apps allowing users to have a more customized experience that provides opportunities to interact with social media, personal email and other app users. However, Du has discovered that the use of WebView opens app developers and users to potential risks.
Dealing with losing the protection of the sandbox. Internet browsers on computers have safeguards, known as the sandbox, that protect user information and prevent personal information from unknowingly being shared throughout the web. As apps have become more dynamic, those safeguards can often impede some of the desired functionality a developer wishes to create. As a result, app developers have slowly begun opening up holes in the protective sandbox to provide a better user experience but as a result user information is no longer as secure.
“In industry, developers are usually carried away by the fancy features they create for their products; they often forget about or underestimate the security problems caused by those features,” says Du. “This has happened many times in the history of computing. The design of WebView in Android is just another example of this.”
Du has submitted a proposal to Google to explore whether there are ways to preserve the nice features of WebView and at the same time make it secure. He and his graduate students are also planning on exploring whether this issue may also affect other smartphone and tablet platforms.
A PhD student, Tongbo Luo, who is currently working with Du on an NSF cybersecurity research grant, had the initial idea to explore weaknesses in the Android system. Luo had taken Du’s courses in computer security and Internet security where students explored both how to identify weaknesses in operating systems and applications as well as how hackers might take advantage of these weaknesses.
Du is passionate about preparing his students to apply the right amount of skepticism to new product introductions. “The goal of both of my security courses is for students to learn take a look at a system or new technology and ask themselves, ‘Is this risky?’”
In spring 2011 both Du and Luo participated in a course on the Android system taught by another LCS professor Heng Yin. As part of this course, Luo chose to explore weaknesses in Android apps that use WebView. Applying lessons from Du’s security courses both Luo and Du were able to uncover the potential risks of this rapidly expanding technology.
Ariel DuChene | EurekAlert!
Information integration and artificial intelligence for better diagnosis and therapy decisions
24.05.2017 | Fraunhofer MEVIS - Institut für Bildgestützte Medizin
World's thinnest hologram paves path to new 3-D world
18.05.2017 | RMIT University
Staphylococcus aureus is a feared pathogen (MRSA, multi-resistant S. aureus) due to frequent resistances against many antibiotics, especially in hospital infections. Researchers at the Paul-Ehrlich-Institut have identified immunological processes that prevent a successful immune response directed against the pathogenic agent. The delivery of bacterial proteins with RNA adjuvant or messenger RNA (mRNA) into immune cells allows the re-direction of the immune response towards an active defense against S. aureus. This could be of significant importance for the development of an effective vaccine. PLOS Pathogens has published these research results online on 25 May 2017.
Staphylococcus aureus (S. aureus) is a bacterium that colonizes by far more than half of the skin and the mucosa of adults, usually without causing infections....
Physicists from the University of Würzburg are capable of generating identical looking single light particles at the push of a button. Two new studies now demonstrate the potential this method holds.
The quantum computer has fuelled the imagination of scientists for decades: It is based on fundamentally different phenomena than a conventional computer....
An international team of physicists has monitored the scattering behaviour of electrons in a non-conducting material in real-time. Their insights could be beneficial for radiotherapy.
We can refer to electrons in non-conducting materials as ‘sluggish’. Typically, they remain fixed in a location, deep inside an atomic composite. It is hence...
Two-dimensional magnetic structures are regarded as a promising material for new types of data storage, since the magnetic properties of individual molecular building blocks can be investigated and modified. For the first time, researchers have now produced a wafer-thin ferrimagnet, in which molecules with different magnetic centers arrange themselves on a gold surface to form a checkerboard pattern. Scientists at the Swiss Nanoscience Institute at the University of Basel and the Paul Scherrer Institute published their findings in the journal Nature Communications.
Ferrimagnets are composed of two centers which are magnetized at different strengths and point in opposing directions. Two-dimensional, quasi-flat ferrimagnets...
An Australian-Chinese research team has created the world's thinnest hologram, paving the way towards the integration of 3D holography into everyday...
24.05.2017 | Event News
23.05.2017 | Event News
22.05.2017 | Event News
26.05.2017 | Life Sciences
26.05.2017 | Life Sciences
26.05.2017 | Physics and Astronomy