Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
Hybrid application frameworks introduce new browser APIs that let Web applications access native resources on mobile devices. We analyze inconsistencies between access control policies at different levels of the hybrid software stack, demonstrate how they expose native resources to malicious Web content, and propose a defense.