Skip to main content
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • |
  • Alumni
  • The Peel
  • Athletics
Sections
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • |
  • Alumni
  • The Peel
  • Athletics
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit

SU professor uncovers potential issues with apps built for Android systems

Wednesday, October 12, 2011, By News Staff
Share

Wenliang Du, professor of computer science in the L.C. Smith College of Engineering and Computer Science (LCS), has had his paper accepted to be presented at the 27th Annual Computer Security Applications Conference, on potential issues with mobile applications (commonly referred to as apps) written for the Android system using the WebView platform.

duCurrently, in the Android market, 86 percent of the top 20 most-downloaded apps in 10 diverse categories use WebView. With the goal of creating dynamic apps, WebView has enabled developers to embed browsers in their apps allowing users to have a more customized experience that provides opportunities to interact with social media, personal email and other app users. However, Du has discovered that the use of WebView opens app developers and users to potential risks.

There are two major issues addressed in his paper:

1. Which apps to trust. There are a limited number of web browsers on the Internet (i.e. Firefox, Explorer, Safari, etc.). As a result, users of these browsers can be reasonably assured that they are protected from malicious content. However, WebView allows developers to embed browsers in their apps, creating thousands of browser applications on mobile platforms and there is no way to determine which apps are trustworthy. Malicious app developers could create apps that steal or modify users’ information in their online accounts, such as Facebook.

2. Dealing with losing the protection of the sandbox. Internet browsers on computers have safeguards, known as the sandbox, that protect user information and prevent personal information from unknowingly being shared throughout the web. As apps have become more dynamic, those safeguards can often impede some of the desired functionality a developer wishes to create. As a result, app developers have slowly begun opening up holes in the protective sandbox to provide a better user experience, but as a result user information is no longer as secure.

“In industry, developers are usually carried away by the fancy features they create for their products; they often forget about or underestimate the security problems caused by those features,” says Du. “This has happened many times in the history of computing. The design of WebView in Android is just another example of this.”

Du has submitted a proposal to Google to explore whether there are ways to preserve the nice features of WebView and at the same time make it secure. He and his graduate students are also planning on exploring whether this issue may also affect other smartphone and tablet platforms.

A Ph.D. student, Tongbo Luo, who is currently working with Du on a National Science Foundation cybersecurity research grant, had the initial idea to explore weaknesses in the Android system. Luo had taken Du’s courses in computer security and Internet security where students explored both how to identify weaknesses in operating systems and applications as well as how hackers might take advantage of these weaknesses.

Du is passionate about preparing his students to apply the right amount of skepticism to new product introductions. “The goal of both of my security courses is for students to learn take a look at a system or new technology and ask themselves: ‘Is this risky?’”

In spring 2011, both Du and Luo participated in a course on the Android system taught by another LCS professor, Heng Yin. As part of this course, Luo chose to explore weaknesses in Android apps that use WebView. Applying lessons from Du’s security courses, both Luo and Du were able to uncover the potential risks of this rapidly expanding technology.

  • Author

News Staff

  • Recent
  • Syracuse University Press Participating in Path to Open Program
    Friday, September 29, 2023, By Cristina Hatem
  • A&S Chemistry Professor Receives Award From the American Chemical Society
    Friday, September 29, 2023, By News Staff
  • ‘Guys and Dolls’ opens Syracuse University Department of Drama 2023/24 Season
    Friday, September 29, 2023, By Joanna Penalva
  • Libraries Add MindSpa Wellness Rooms
    Friday, September 29, 2023, By Cristina Hatem
  • Syracuse University Announces the Opening of the Center for Gravitational Wave Astronomy and Astrophysics
    Friday, September 29, 2023, By Kerrie Marshall

More In Uncategorized

School of Education Awarded $3.7M Department of Education Grant to Recruit Special Education Leaders

Syracuse University’s School of Education (SOE) has been awarded a $3.7 million grant from the U.S. Department of Education’s Office of Special Education and Rehabilitative Services to prepare—along with two partner institutions—a new generation of leaders in special education, early…

Law professor available to discuss ruling that Trump committed fraud for business properties

Reporters looking for a legal expert to help explain the issues facing the Trump businesses after a judge ruled  that former President Donald Trump committed fraud by inflating the value of his assets, please see comments below from legal professor…

Syracuse Views Fall 2023

We want to know how you experience Syracuse University. Take a photo and share it with us. We select photos from a variety of sources. Submit photos of your University experience using #SyracuseU on social media, fill out a submission…

Phillips Appointed Interim Director at Lender Center for Social Justice; Director Search Committee Named

The Lender Center for Social Justice has familiar leadership for the 2023-24 academic year while a renewed search for a permanent director is conducted. Kendall Phillips, founding co-director of the Lender Center and professor in the Department of Communication and…

Syracuse Views Spring 2023

We want to know how you experience Syracuse University. Take a photo and share it with us. We select photos from a variety of sources. Submit photos of your University experience using #SyracuseU on social media, fill out a submission…

Subscribe to SU Today

If you need help with your subscription, contact sunews@syr.edu.

Connect With Us

  • X
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
Social Media Directory

For the Media

Find an Expert Follow @SyracuseUNews
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
  • @SyracuseU
  • @SyracuseUNews
  • @SUCampus
  • Social Media Directory
  • Accessibility
  • Privacy
  • Campus Status
  • Syracuse.edu
© 2023 Syracuse University News. All Rights Reserved.