Let me Join Two Worlds! Analyzing the Integration of Web and Native Technologies in Hybrid Mobile Apps

We can notice that security problems of inappropriate integration of native and web technologies in hybrid mobile applications (apps) have been covered in the related state-of-the-art research. However, analyzing hybrid mobile apps' unique behaviors has been seldom addressed. In this paper, we explore the influence of native and web technologies integration in hybrid mobile apps on the generated profile of mobile applications. Specifically, we analyze the type of Security Sensitive APIs (SS-APIs) exposed to web content and identify the corresponding usage patterns by systematically tracking function-call-graphs of a large number of hybrid and native mobile apps. Our investigations indicate that the generated profiles for hybrid and native mobile apps are considerably different. Using our proposed tool, called Hybrid-scanner, for tracking and analyzing internal behaviors of hybrid mobile apps, we show that there is more trace of API calling for triggering a specific SS-API in a hybrid mobile app in comparison with Android native mobile apps. In addition, we have found that almost 40% of SS-APIs in hybrid mobile apps are invoked by third-party libraries, e.g. advertisement libraries. This knowledge, however, is crucial for designing appropriate malware detection or vulnerability mitigation strategies. Based on our results, we discuss two main approaches in Android malware analysis field and enumerate some suggestions which should be considered in order to successfully detect malicious behaviors in such new type of apps.