[ PDF |
BibTeX |
EndNote |
RIS |
Word ]
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation
By Achim D. Brucker and Michael Herzberg.
Developing mobile applications is a challenging business: developers need to support multiple platforms and, at the same time, need to cope with limited resources, as the revenue generated by an average app is rather small. This results in an increasing use of cross-platform development frameworks that allow developing an app once and offering it on multiple mobile platforms such as Android, iOS, or Windows.
Apache Cordova is a popular framework for developing multi-platform apps. Cordova combines HTML5 and JavaScript with native application code. Combining web and native technologies creates new security challenges as, e.g., an XSS attacker becomes more powerful.
In this paper, we present a novel approach for statically analysing the foreign language calls. We evaluate our approach by analysing the top Cordova apps from Google Play. Moreover, we report on the current state of the overall quality and security of Cordova apps.
Further Reading: This presentation is based on the following publication: A. D. Brucker and M. Herzberg, “On the static analysis of hybrid mobile apps: A report on the state of apache cordova nation,” in International symposium on engineering secure software and systems (ESSoS), J. Caballero and E. Bodden, Eds. Heidelberg: Springer-Verlag, 2016, pp. 72–88. doi: 10.1007/978-3-319-30806-7_5. Author copy: http://logicalhacking.com/publications/brucker.ea-cordova-security-2016/
Please cite this work as follows: A. D. Brucker and M. Herzberg, “On the static analysis of hybrid mobile apps: A report on the state of apache cordova nation,” presented at the International symposium on engineering secure software and systems (ESSoS 2016), Egham, UK, Apr. 07, 2016. Author copy: http://logicalhacking.com/publications/talk-brucker.ea-cordova-security-2016/
BibTeX
@Unpublished{ talk:brucker.ea:cordova-security:2016,
abstract = {Developing mobile applications is a challenging business:
developers need to support multiple platforms and, at the same
time, need to cope with limited resources, as the revenue
generated by an average app is rather small. This results in
an increasing use of cross-platform development frameworks
that allow developing an app once and offering it on multiple
mobile platforms such as Android, iOS, or Windows.
Apache Cordova is a popular framework for developing
multi-platform apps. Cordova combines HTML5 and JavaScript
with native application code. Combining web and native
technologies creates new security challenges as, e.g., an XSS
attacker becomes more powerful.
In this paper, we present a novel approach for statically
analysing the foreign language calls. We evaluate our approach
by analysing the top Cordova apps from Google Play. Moreover,
we report on the current state of the overall quality and
security of Cordova apps.},
venue = {Egham, UK},
author = {Achim D. Brucker and Michael Herzberg},
eventtitle = {International Symposium on Engineering Secure Software and
Systems (ESSoS 2016)},
date = {2016-04-07},
language = {USenglish},
slideshare = {key/eonaUa6v945AHF},
slideshare_height = {356},
slideshare_width = {427},
title = {On the Static Analysis of Hybrid Mobile Apps: A Report on the
State of Apache Cordova Nation},
areas = {security, software},
note = {Author copy: \url{http://logicalhacking.com/publications/talk-brucker.ea-cordova-security-2016/}},
}