pdfreaders.org

On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation

Achim D. Brucker und Michael Herzberg

Cover for brucker.ea:cordova-security:2016.Developing mobile applications is a challenging business: developers need to support multiple platforms and, at the same time, need to cope with limited resources, as the revenue generated by an average app is rather small. This results in an increasing use of cross-platform development frameworks that allow developing an app once and offering it on multiple mobile platforms such as Android, iOS, or Windows.

Apache Cordova is a popular framework for developing multi-platform apps. Cordova combines HTML5 and JavaScript with native application code. Combining web and native technologies creates new security challenges as, e.g., an XSS attacker becomes more powerful.

In this paper, we present a novel approach for statically analysing the foreign language calls. We evaluate our approach by analysing the top Cordova apps from Google Play. Moreover, we report on the current state of the overall quality and security of Cordova apps.

Schlüsselwörter: static program analysis, static application security testing, Android, Cordova, hybrid mobile apps
Kategorien: ,
Dokumente: (Artikel als PDF Datei) (Folien) (Handout)

QR Code for brucker.ea:cordova-security:2016.Bitte zitieren sie diesen Artikel wie folgt:
Achim D. Brucker und Michael Herzberg. On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation. In International Symposium on Engineering Secure Software and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages 72-88, Springer-Verlag, 2016.
Schlüsselwörter: static program analysis, static application security testing, Android, Cordova, hybrid mobile apps
(Artikel als PDF Datei) (BibTeX) (Endnote) (RIS) (Word) (doi:10.1007/978-3-319-30806-7_5) (Share article on LinkedIn. Share article on CiteULike.)

BibTeX
@InCollection{ brucker.ea:cordova-security:2016,
abstract = {Developing mobile applications is a challenging business: developers need to support multiple platforms and, at the same time, need to cope with limited resources, as the revenue generated by an average app is rather small. This results in an increasing use of cross-platform development frameworks that allow developing an app once and offering it on multiple mobile platforms such as Android, iOS, or Windows.\\\\Apache Cordova is a popular framework for developing multi-platform apps. Cordova combines HTML5 and JavaScript with native application code. Combining web and native technologies creates new security challenges as, e.g., an XSS attacker becomes more powerful.\\\\In this paper, we present a novel approach for statically analysing the foreign language calls. We evaluate our approach by analysing the top Cordova apps from Google Play. Moreover, we report on the current state of the overall quality and security of Cordova apps.},
address = {Heidelberg},
author = {Achim D. Brucker and Michael Herzberg},
booktitle = {International Symposium on Engineering Secure Software and Systems (ESSoS)},
doi = {10.1007/978-3-319-30806-7_5},
editor = {Juan Caballero and Eric Bodden},
isbn = {978-3-642-11746-6},
keywords = {static program analysis, static application security testing, Android, Cordova, hybrid mobile apps},
language = {USenglish},
number = {9639},
pages = {72--88},
pdf = {https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf},
publisher = {Springer-Verlag},
series = {Lecture Notes in Computer Science},
talk = {talk:brucker.ea:cordova-security:2016},
title = {On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation},
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016},
year = {2016},
}