Understanding and Mitigating Threats from Android Hybrid Apps Using Machine Learning

Abstract

he Android platform has emerged as the most popular computing platform that has more than 2.5 billion devices [1] working across the globe. These devices include not only mobiles and tablets, but even Android Auto modules in cars, various Android versions running on Televisions, watches and host of other smart devices. What makes things more challenging and interesting for the Android Developers and security experts is the fact that various versions of Android Operating System, from Android 2.3.3 (Ginger Bread) to Android 11.0 coexist in this ecosystem. This paper discusses threats that emanate from Hybrid Android Apps. These Hybrid Apps use WebView Component for handling web content within Android Apps. WebView allows HTML and JavaScript to run and render webpages inside Apps, thereby allowing them to download content from Web Servers on the Internet. It is used by several popular Apps, like Facebook, Twitter, Instagram, etc. WebView even allows JavaScript code to call Android code for completing various tasks. While this feature gives tremendous capability to create interactive Hybrid Apps, however, it also opens a route for malicious content to infect the Android Platform using targeted JavaScript based malwares. Any malicious JavaScript, from untrusted or even from trusted source, can thus find its way to exploit this unique linkage with Android Platform. In this paper we analyze Android Web View's security vulnerabilities, access authorization, kind of attacks that it can encounter, and mechanisms to prevent these attacks. To do so, we have developed two Android Apps, viz., "WebView Tool" and "WebView Monitor". Our analysis and detection mechanisms are based on Machine Learning techniques.