Author(s): Martin Georgiev, Suman Jana, Vitaly Shmatikov

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

Hybrid application frameworks introduce new browser APIs that let Web applications access native resources on mobile devices. We analyze inconsistencies between access control policies at different levels of the hybrid software stack, demonstrate how they expose native resources to malicious Web content, and propose a defense.