Web access monitoring mechanism via Android WebView for threat analysis

Yuta Imamura, Rintaro Orito, Hiroyuki Uekawa, Kritsana Chaikaew, Pattara Leelaprute, Masaya Sato, Toshihiro Yamauchi


1 被引用数 (Scopus)


Many Android apps employ WebView, a component that enables the display of web content in the apps without redirecting users to web browser apps. However, WebView might also be used for cyberattacks. Moreover, to the best of our knowledge, although some countermeasures based on access control have been reported for attacks exploiting WebView, no mechanism for monitoring web access via WebView has been proposed and no analysis results focusing on web access via WebView are available. In consideration of this limitation, we propose a web access monitoring mechanism for Android WebView to analyze web access via WebView and clarify attacks exploiting WebView. In this paper, we present the design and implementation of this mechanism by modifying Chromium WebView without any modifications to the Android framework or Linux kernel. The evaluation results of the performance achieved on introducing the proposed mechanism are also presented here. Moreover, the result of threat analysis of displaying a fake virus alert while browsing websites on Android is discussed to demonstrate the effectiveness of the proposed mechanism.

ジャーナルInternational Journal of Information Security
出版ステータスAccepted/In press - 2021

ASJC Scopus subject areas

  • ソフトウェア
  • 情報システム
  • 安全性、リスク、信頼性、品質管理
  • コンピュータ ネットワークおよび通信


「Web access monitoring mechanism via Android WebView for threat analysis」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。