Info: Zenodo’s user support line is staffed on regular business days between Dec 23 and Jan 5. Response times may be slightly longer than normal.

There is a newer version of the record available.

Published August 21, 2023 | Version 1.1
Dataset Open

iWanDroid: Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps

  • 1. University of Passau

Description

The repo contains the tool iWanDroid: Artifacts for the paper Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps, accepted at ISSRE 2023.

Android hybrid apps augment native apps with web and inter-language communication capabilities. These apps facilitate the integration of web components, including JavaScript, into native apps. Besides, they allow a two-way communication where JavaScript can utilize functionality shared by the native side (Java). However, due to operational differences between Java and JavaScript, the semantics of this communication are complex. Tracking information flows via this communication channel, i.e., between these heterogeneous platforms, becomes intricate.

Multiple approaches have been proposed to analyze hybrid apps. However, most of them focus on specific classes of web-induced vulnerabilities or provide rudimentary tracking of specific information flows via this communication channel. This work proposes a demand-driven analysis to comprehensively track information flow violations from the native side to JavaScript and vice-versa. To this end, our framework selectively creates data flow summaries of the shared native-side code based on its usage in the corresponding JavaScript code. We demonstrate the efficacy of our approach by applying it to various benchmarks and large-scale apps.

 

Files

Files (11.8 GB)

Name Size Download all
md5:2da17c6a6eea924fcc2eb7ae19664a0d
11.8 GB Download