Droids in disarray: Detecting frame confusion in hybrid android apps
- Creators
- Caputo D.
- Verderame L.
- Aonzo S.
- Merlo A.
- Others:
- Caputo, D.
- Verderame, L.
- Aonzo, S.
- Merlo, A.
Description
Frame Confusion is a vulnerability affecting hybrid applications which allows circumventing the isolation granted by the Same-Origin Policy. The detection of such vulnerability is still carried out manually by application developers, but the process is error-prone and often underestimated. In this paper, we propose a sound and complete methodology to detect the Frame Confusion on Android as well as a publicly-released tool (i.e., FCDroid) which implements such methodology and allows to detect the Frame Confusion in hybrid applications, automatically. We also discuss an empirical assessment carried out on a set of 50K applications using FCDroid, which revealed that a lot of hybrid applications suffer from Frame Confusion. Finally, we show how to exploit Frame Confusion on a news application to steal the user's credentials.
Additional details
- URL
- http://hdl.handle.net/11567/1000048
- URN
- urn:oai:iris.unige.it:11567/1000048
- Origin repository
- UNIGE