(Short Paper) Method for Preventing Suspicious Web Access in Android WebView

• Published in: Advances in Information and Computer Security Vol. 11689; pp. 241 - 250
• Main Authors: Sato, Masaya, Imamura, Yuta, Orito, Rintaro, Yamauchi, Toshihiro
• Format: Book Chapter
• Language: English; Japanese
• Published: Switzerland Springer International Publishing AG 2019; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Android; Content blocking; HTTP communication; Web access; WebView
• ISBN: 3030268330; 9783030268336
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-030-26834-3_14

WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.