Skip to main content
Conference ProceedingsOPEN ACCESS

Droids in disarray: Detecting frame confusion in hybrid android apps

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2019) 11559 LNCS 121-139
DOI: 10.1007/978-3-030-22479-0_7
5Citations
Citations of this article
10Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Frame Confusion is a vulnerability affecting hybrid applications which allows circumventing the isolation granted by the Same-Origin Policy. The detection of such vulnerability is still carried out manually by application developers, but the process is error-prone and often underestimated. In this paper, we propose a sound and complete methodology to detect the Frame Confusion on Android as well as a publicly-released tool (i.e., FCDroid) which implements such methodology and allows to detect the Frame Confusion in hybrid applications, automatically. We also discuss an empirical assessment carried out on a set of 50K applications using FCDroid, which revealed that a lot of hybrid applications suffer from Frame Confusion. Finally, we show how to exploit Frame Confusion on a news application to steal the user’s credentials.

Author supplied keywords

Cite

CITATION STYLE

APA

Caputo, D., Verderame, L., Aonzo, S., & Merlo, A. (2019). Droids in disarray: Detecting frame confusion in hybrid android apps. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11559 LNCS, pp. 121–139). Springer Verlag. https://doi.org/10.1007/978-3-030-22479-0_7

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free