Cross Site Request Forgery on Android WebView Cross Site Request Forgery on Android WebView

  • Bhavani A
  • 6

    Readers

    Mendeley users who have this article in their library.
  • N/A

    Citations

    Citations of this article.

Abstract

-Android has always been about connectivity and providing great browsing experience. Web-based content can be embedded into the Android application using WebView. It is a User Interface component that displays webpages. It can either display a remote webpage or can also load static HTML data. This encompasses the functionality of a browser that can be integrated to application. WebView provides a number of APIs which enables the applications to interact with the web content inside WebView. In the current paper, Cross site request forgery or XSRF attack specific to android WebView is investigated. In XSRF attack, the trusts of a web application in its authenticated users is exploited by letting the attacker make arbitrary HTTP requests on behalf of a victim user. When the user is logged into the trusted site through the WebView, the site authenticates the WebView and not application. The application can launch attacks on the behalf of user with the APIs of Webview, exploiting user's credentials resulting in Cross site request forgery. Attacks can also be launched by setting cookies as HTTP headers and making malicious HTTP Request on behalf of victim.

Author-supplied keywords

  • -Android WebView
  • Computer Security
  • Cross Site Request Forgery

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

There are no full text links

Authors

  • A B Bhavani

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free