Skip to main content
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • University Statements
  • Syracuse University Impact
  • |
  • The Peel
  • Athletics
Sections
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • University Statements
  • Syracuse University Impact
  • |
  • The Peel
  • Athletics
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit

SU professor uncovers potential issues with apps built for Android systems

Wednesday, October 12, 2011, By News Staff
Share

Wenliang Du, professor of computer science in the L.C. Smith College of Engineering and Computer Science (LCS), has had his paper accepted to be presented at the 27th Annual Computer Security Applications Conference, on potential issues with mobile applications (commonly referred to as apps) written for the Android system using the WebView platform.

duCurrently, in the Android market, 86 percent of the top 20 most-downloaded apps in 10 diverse categories use WebView. With the goal of creating dynamic apps, WebView has enabled developers to embed browsers in their apps allowing users to have a more customized experience that provides opportunities to interact with social media, personal email and other app users. However, Du has discovered that the use of WebView opens app developers and users to potential risks.

There are two major issues addressed in his paper:

1. Which apps to trust. There are a limited number of web browsers on the Internet (i.e. Firefox, Explorer, Safari, etc.). As a result, users of these browsers can be reasonably assured that they are protected from malicious content. However, WebView allows developers to embed browsers in their apps, creating thousands of browser applications on mobile platforms and there is no way to determine which apps are trustworthy. Malicious app developers could create apps that steal or modify users’ information in their online accounts, such as Facebook.

2. Dealing with losing the protection of the sandbox. Internet browsers on computers have safeguards, known as the sandbox, that protect user information and prevent personal information from unknowingly being shared throughout the web. As apps have become more dynamic, those safeguards can often impede some of the desired functionality a developer wishes to create. As a result, app developers have slowly begun opening up holes in the protective sandbox to provide a better user experience, but as a result user information is no longer as secure.

“In industry, developers are usually carried away by the fancy features they create for their products; they often forget about or underestimate the security problems caused by those features,” says Du. “This has happened many times in the history of computing. The design of WebView in Android is just another example of this.”

Du has submitted a proposal to Google to explore whether there are ways to preserve the nice features of WebView and at the same time make it secure. He and his graduate students are also planning on exploring whether this issue may also affect other smartphone and tablet platforms.

A Ph.D. student, Tongbo Luo, who is currently working with Du on a National Science Foundation cybersecurity research grant, had the initial idea to explore weaknesses in the Android system. Luo had taken Du’s courses in computer security and Internet security where students explored both how to identify weaknesses in operating systems and applications as well as how hackers might take advantage of these weaknesses.

Du is passionate about preparing his students to apply the right amount of skepticism to new product introductions. “The goal of both of my security courses is for students to learn take a look at a system or new technology and ask themselves: ‘Is this risky?’”

In spring 2011, both Du and Luo participated in a course on the Android system taught by another LCS professor, Heng Yin. As part of this course, Luo chose to explore weaknesses in Android apps that use WebView. Applying lessons from Du’s security courses, both Luo and Du were able to uncover the potential risks of this rapidly expanding technology.

  • Author

News Staff

  • Recent
  • Syracuse University 2025-26 Budget to Include Significant Expansion of Student Financial Aid
    Wednesday, May 21, 2025, By News Staff
  • University’s Dynamic Sustainability Lab and Ireland’s BiOrbic Sign MOU to Advance Markets for the Biobased Economy
    Wednesday, May 21, 2025, By News Staff
  • Engaged Humanities Network Community Showcase Spotlights Collaborative Work
    Wednesday, May 21, 2025, By Dan Bernardi
  • Students Engaged in Research and Assessment
    Tuesday, May 20, 2025, By News Staff
  • Syracuse Views Summer 2025
    Monday, May 19, 2025, By News Staff

More In Uncategorized

Syracuse Views Summer 2025

We want to know how you experience Syracuse University. Take a photo and share it with us. We select photos from a variety of sources. Submit photos of your University experience by sending them directly to Syracuse University News at…

Syracuse Views Spring 2025

We want to know how you experience Syracuse University. Take a photo and share it with us. We select photos from a variety of sources. Submit photos of your University experience by sending them directly to Syracuse University News at…

Syracuse Views Fall 2024

We want to know how you experience Syracuse University. Take a photo and share it with us. We select photos from a variety of sources. Submit photos of your University experience by sending them directly to Syracuse University News at…

Syracuse Views Summer 2024

We want to know how you experience Syracuse University. Take a photo and share it with us. We select photos from a variety of sources. Submit photos of your University experience by filling out a submission form or sending it directly…

Syracuse Views Spring 2024

We want to know how you experience Syracuse University. Take a photo and share it with us. We select photos from a variety of sources. Submit photos of your University experience by filling out a submission form or sending it…

Subscribe to SU Today

If you need help with your subscription, contact sunews@syr.edu.

Connect With Us

  • X
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
Social Media Directory

For the Media

Find an Expert Follow @SyracuseUNews
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
  • @SyracuseU
  • @SyracuseUNews
  • Social Media Directory
  • Accessibility
  • Privacy
  • Campus Status
  • Syracuse.edu
© 2025 Syracuse University News. All Rights Reserved.