{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T13:30:53Z","timestamp":1742995853510,"version":"3.40.3"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030224783"},{"type":"electronic","value":"9783030224790"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-22479-0_7","type":"book-chapter","created":{"date-parts":[[2019,7,3]],"date-time":"2019-07-03T23:02:56Z","timestamp":1562194976000},"page":"121-139","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps"],"prefix":"10.1007","author":[{"given":"Davide","family":"Caputo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luca","family":"Verderame","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simone","family":"Aonzo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alessio","family":"Merlo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,6,11]]},"reference":[{"key":"7_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-319-26096-9_13","volume-title":"Security Protocols XXIII","author":"DR Thomas","year":"2015","unstructured":"Thomas, D.R., Beresford, A.R., Coudray, T., Sutcliffe, T., Taylor, A.: The lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface. In: Christianson, B., \u0160venda, P., Maty\u00e1\u0161, V., Malcolm, J., Stajano, F., Anderson, J. (eds.) Security Protocols 2015. LNCS, vol. 9379, pp. 126\u2013138. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26096-9_13"},{"key":"7_CR2","unstructured":"AndroidRank: Androidrank market data (2018). https:\/\/www.androidrank.org\/"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Aonzo, S., Merlo, A., Tavella, G., Fratantonio, Y.: Phishing attacks on modern android. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018","DOI":"10.1145\/3243734.3243778"},{"key":"7_CR4","unstructured":"Backes, M., Gerling, S., Styprekowsky, P.V.: A Local Cross-Site Scripting Attack against Android Phones, pp. 1\u20136. Saarland University (2011). http:\/\/www.infsec.cs.uni-saarland.de\/projects\/android-vuln\/"},{"issue":"3","key":"7_CR5","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1109\/TIFS.2018.2855650","volume":"14","author":"J Bai","year":"2019","unstructured":"Bai, J., Wang, W., Qin, Y., Zhang, S., Wang, J., Pan, Y.: BridgeTaint: a bi-directional dynamic taint tracking method for JavaScript bridges in Android hybrid applications. IEEE Trans. Inf. Forensics Secur. 14(3), 677\u2013692 (2019). https:\/\/doi.org\/10.1109\/TIFS.2018.2855650","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"7_CR6","doi-asserted-by":"publisher","unstructured":"Bao, W., Yao, W., Zong, M., Wang, D.: Cross-site scripting attacks on android hybrid applications. In: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy - ICCSP 2017, pp. 56\u201361. ACM Press, New York (2017). https:\/\/doi.org\/10.1145\/3058060.3058076, http:\/\/dblp.uni-trier.de\/db\/conf\/iccsp\/iccsp2017.html","DOI":"10.1145\/3058060.3058076"},{"issue":"2","key":"7_CR7","first-page":"1","volume":"2","author":"AB Bhavani","year":"2013","unstructured":"Bhavani, A.B.: Cross-site scripting attacks on Android WebView. Int. J. Comput. Sci. Netw. 2(2), 1\u20135 (2013)","journal-title":"Int. J. Comput. Sci. Netw."},{"key":"7_CR8","doi-asserted-by":"publisher","unstructured":"Chen, Y.L., Lee, H.M., Jeng, A.B., Wei, T.E.: DroidCIA: a novel detection method of code injection attacks on HTML5-based mobile apps. In: 2015 Proceedings of 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, vol. 1, pp. 1014\u20131021 (2015). https:\/\/doi.org\/10.1109\/Trustcom.2015.477","DOI":"10.1109\/Trustcom.2015.477"},{"key":"7_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-319-05149-9_9","volume-title":"Information Security Applications","author":"E Chin","year":"2014","unstructured":"Chin, E., Wagner, D.: Bifocals: analyzing WebView vulnerabilities in Android applications. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 138\u2013159. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-05149-9_9"},{"key":"7_CR10","unstructured":"Content Security Policy: Content security policy (2016). http:\/\/content-security-policy.com, https:\/\/developers.google.com\/web\/fundamentals\/security\/csp\/"},{"key":"7_CR11","unstructured":"Apache Cordova: (2018). https:\/\/cordova.apache.org\/"},{"key":"7_CR12","unstructured":"Cortesi, A., Hils, M., Kriechbaumer, T., Contributors: mitmproxy: a free and open source interactive HTTPS proxy (Version 4.0) (2010). https:\/\/mitmproxy.org\/"},{"key":"7_CR13","unstructured":"Erlend, O.: RetireJS - Scanner detecting the use of JavaScript libraries with known vulnerabilities (2019). https:\/\/retirejs.github.io\/retire.js\/"},{"key":"7_CR14","unstructured":"Gruver, B.: Smali - Assembler\/Disassembler for the dex format (2019). http:\/\/github.com\/JesusFreke\/smali\/"},{"key":"7_CR15","doi-asserted-by":"publisher","unstructured":"Hu, J.: A tale of two cities : how WebView induces bugs to Android applications, vol. 1, pp. 702\u2013713 (2018). https:\/\/doi.org\/10.1145\/3238147.3238180","DOI":"10.1145\/3238147.3238180"},{"key":"7_CR16","unstructured":"JavascriptInterface: (2019). https:\/\/developer.android.com\/reference\/android\/webkit\/JavascriptInterface"},{"key":"7_CR17","doi-asserted-by":"publisher","unstructured":"Jin, X., Hu, X., Ying, K., Du, W., Yin, H., Peri, G.N.: Code injection attacks on HTML5-based mobile apps. In: Proceedings of 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS 2014, pp. 66\u201377 (2014). https:\/\/doi.org\/10.1145\/2660267.2660275","DOI":"10.1145\/2660267.2660275"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Lee, S., Dolby, J., Ryu, S.: HybriDroid: static analysis framework for Android hybrid applications. In: Proceedings of 31st IEEE\/ACM Int. Conference on Automated Software Engineering - ASE 2016, pp. 250\u2013261 (2016). http:\/\/dl.acm.org\/citation.cfm?doid=2970276.2970368","DOI":"10.1145\/2970276.2970368"},{"key":"7_CR19","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1016\/j.infsof.2017.04.001","volume":"88","author":"L Li","year":"2017","unstructured":"Li, L., et al.: Static analysis of android apps: a systematic literature review. Inf. Softw. Technol. 88, 67\u201395 (2017). https:\/\/doi.org\/10.1016\/j.infsof.2017.04.001","journal-title":"Inf. Softw. Technol."},{"key":"7_CR20","doi-asserted-by":"publisher","unstructured":"Li, T., et al.: Unleashing the walking dead : understanding cross-app remote infections on mobile WebViews. In: CCS, pp. 829\u2013844 (2017). https:\/\/doi.org\/10.1145\/3133956.3134021, https:\/\/acmccs.github.io\/papers\/p829-liA.pdf","DOI":"10.1145\/3133956.3134021"},{"key":"7_CR21","doi-asserted-by":"publisher","unstructured":"Li, Y., Yang, Z., Guo, Y., Chen, X.: DroidBot: a lightweight UI-guided test input generator for android. In: Proceedings of 2017 IEEE\/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017, pp. 23\u201326 (2017). https:\/\/doi.org\/10.1109\/ICSE-C.2017.8","DOI":"10.1109\/ICSE-C.2017.8"},{"key":"7_CR22","doi-asserted-by":"publisher","unstructured":"Luo, T., Hao, H., Du, W., Wang, Y., Yin, H.: Attacks on WebView in the Android system. In: Proceedings of the 27th Annual Computer Security Applications Conference on - ACSAC 2011, p. 343 (2011). https:\/\/doi.org\/10.1145\/2076732.2076781","DOI":"10.1145\/2076732.2076781"},{"key":"7_CR23","unstructured":"Neugschwandtner, M., Lindorfer, M., Platzer, C.: A view to a kill: WebView exploitation. In: LEET (2013). http:\/\/publik.tuwien.ac.at\/files\/PubDat_223415.pdf"},{"key":"7_CR24","unstructured":"Das Patnaik, N., Sabyasachi Sahoo, S.: JSPrime (2013). https:\/\/dpnishant.github.io\/jsprime\/"},{"key":"7_CR25","unstructured":"OWASP: using components with known vulnerabilities (2017). https:\/\/www.owasp.org\/index.php\/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities"},{"key":"7_CR26","unstructured":"Adobe PhoneGap: (2018). https:\/\/phonegap.com\/"},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Rizzo, C., Cavallaro, L., Kinder, J.: BabelView: evaluating the impact of code injection attacks in mobile Webviews (2017). http:\/\/arxiv.org\/abs\/1709.05690","DOI":"10.1007\/978-3-030-00470-5_2"},{"issue":"11","key":"7_CR28","first-page":"1079","volume":"4","author":"S Sedol","year":"2014","unstructured":"Sedol, S., Johari, R.: Survey of cross-site scripting attack in Android Apps. Int. J. Inf. Comput. Technol. 4(11), 1079\u20131084 (2014)","journal-title":"Int. J. Inf. Comput. Technol."},{"key":"7_CR29","unstructured":"w3: Sandbox attribute (2018). https:\/\/www.w3.org\/wiki\/Html\/Elements\/iframe"},{"key":"7_CR30","unstructured":"WebSetting: (2019). https:\/\/developer.android.com\/reference\/android\/webkit\/websettings"},{"key":"7_CR31","unstructured":"WebView: (2019). https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.webview&hl=en"},{"key":"7_CR32","unstructured":"WebViewSafeBrowsing: (2018). https:\/\/developer.android.com\/guide\/webapps\/managing-webview"},{"key":"7_CR33","unstructured":"WebViewSecurity: (2017). https:\/\/android-developers.googleblog.com\/2017\/06\/whats-new-in-webview-security.html"},{"key":"7_CR34","unstructured":"Wi\u015bniewski, R., Tumbleson, C.: Apktool A tool for reverse engineering Android apk files (2018). http:\/\/ibotpeaches.github.io\/Apktool\/"},{"key":"7_CR35","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1016\/j.jss.2017.11.001","volume":"137","author":"R Yan","year":"2018","unstructured":"Yan, R., Xiao, X., Hu, G., Peng, S., Jiang, Y.: New deep learning method to detect code injection attacks on hybrid applications. J. Syst. Softw. 137, 67\u201377 (2018). https:\/\/doi.org\/10.1016\/j.jss.2017.11.001","journal-title":"J. Syst. Softw."}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXIII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22479-0_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T16:07:53Z","timestamp":1710259673000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-22479-0_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030224783","9783030224790"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22479-0_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"11 June 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Charleston, SC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 July 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 July 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"33","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dbsec2019.cse.sc.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}