Let me Join Two Worlds! Analyzing the Integration of Web and Native Technologies in Hybrid Mobile Apps

Shahrooz Pouryousef, Mariam Rezaiee, Ata Chizari

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

3 Citations (Scopus)

Abstract

We can notice that security problems of inappropriate integration of native and web technologies in hybrid mobile applications (apps) have been covered in the related state-of-the-art research. However, analyzing hybrid mobile apps' unique behaviors has been seldom addressed. In this paper, we explore the influence of native and web technologies integration in hybrid mobile apps on the generated profile of mobile applications. Specifically, we analyze the type of Security Sensitive APIs (SS-APIs) exposed to web content and identify the corresponding usage patterns by systematically tracking function-call-graphs of a large number of hybrid and native mobile apps. Our investigations indicate that the generated profiles for hybrid and native mobile apps are considerably different. Using our proposed tool, called Hybrid-scanner, for tracking and analyzing internal behaviors of hybrid mobile apps, we show that there is more trace of API calling for triggering a specific SS-API in a hybrid mobile app in comparison with Android native mobile apps. In addition, we have found that almost 40% of SS-APIs in hybrid mobile apps are invoked by third-party libraries, e.g. advertisement libraries. This knowledge, however, is crucial for designing appropriate malware detection or vulnerability mitigation strategies. Based on our results, we discuss two main approaches in Android malware analysis field and enumerate some suggestions which should be considered in order to successfully detect malicious behaviors in such new type of apps.

Original languageEnglish
Title of host publicationProceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
PublisherIEEE
Pages1814-1819
Number of pages6
ISBN (Print)9781538643877
DOIs
Publication statusPublished - 5 Sep 2018
Event17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 - New York, United States
Duration: 31 Jul 20183 Aug 2018

Conference

Conference17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
Country/TerritoryUnited States
CityNew York
Period31/07/183/08/18

Keywords

  • android mobile analysis
  • hybrid mobile apps
  • security analysis
  • web technology

Fingerprint

Dive into the research topics of 'Let me Join Two Worlds! Analyzing the Integration of Web and Native Technologies in Hybrid Mobile Apps'. Together they form a unique fingerprint.

Cite this