Loading...

Let me join two worlds! analyzing the integration of web and native technologies in hybrid mobile apps

Pouryousef, S ; Sharif University of Technology

488 Viewed
  1. Type of Document: Article
  2. DOI: 10.1109/TrustCom/BigDataSE.2018.00274
  3. Abstract:
  4. We can notice that security problems of inappropriate integration of native and web technologies in hybrid mobile applications (apps) have been covered in the related state-of-the-art research. However, analyzing hybrid mobile apps' unique behaviors has been seldom addressed. In this paper, we explore the influence of native and web technologies integration in hybrid mobile apps on the generated profile of mobile applications. Specifically, we analyze the type of Security Sensitive APIs (SS-APIs) exposed to web content and identify the corresponding usage patterns by systematically tracking function-call-graphs of a large number of hybrid and native mobile apps. Our investigations indicate that the generated profiles for hybrid and native mobile apps are considerably different. Using our proposed tool, called Hybrid-scanner, for tracking and analyzing internal behaviors of hybrid mobile apps, we show that there is more trace of API calling for triggering a specific SS-API in a hybrid mobile app in comparison with Android native mobile apps. In addition, we have found that almost 40% of SS-APIs in hybrid mobile apps are invoked by third-party libraries, e.g. advertisement libraries. This knowledge, however, is crucial for designing appropriate malware detection or vulnerability mitigation strategies. Based on our results, we discuss two main approaches in Android malware analysis field and enumerate some suggestions which should be considered in order to successfully detect malicious behaviors in such new type of apps. © 2018 IEEE
  5. Keywords:
  6. Hybrid mobile apps ; Web technology ; Android (operating system) ; Big data ; Computer crime ; Data privacy ; Integration ; Libraries ; Malware ; Mobile computing ; Android mobile analysis ; Malicious behavior ; Mobile applications ; Mobile apps ; Security analysis ; Security problems ; Vulnerability mitigation ; Web technologies ; Mobile security
  7. Source: Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018, 31 July 2018 through 3 August 2018 ; 2018 , Pages 1814-1819 ; 9781538643877 (ISBN)
  8. URL: https://ieeexplore.ieee.org/document/8456142