Publication

Abstract : pWebView, an Android component to load and display web content, has become the center of attraction for attackers as its use increases with the increased trend of hybrid application development. The attackers mainly concentrate on abusing the JavaScript interface and accessing the native code. Since most of the developers do not go for HTTPS secure connections to decrease processing overhead, injection attacks becomes easy. The attacker looks for the JavaScript interface implementation in well known libraries like ad-provider libraries or hybrid application wrapper libraries and try to inject code that uses them. This paper presents a low overhead solution to use public key cryptography for ensuring integrity over data transferred and thus prevent such attacks. © Springer International Publishing Switzerland 2015./p