
Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps

Abstract : Frame Confusion is a vulnerability affecting hybrid applications that allows an attacker to circumvent the isolation granted by the Same-Origin Policy. Detection of this vulnerability is still carried out manually by application developers, but the process is error-prone and often underestimated. In this paper, we propose a sound and complete methodology to detect Frame Confusion on Android, as well as a publicly released tool (FCDroid) which implements this methodology and automatically detects Frame Confusion in hybrid applications. We also discuss an empirical assessment carried out on a set of 50K applications using FCDroid, which revealed that a lot of hybrid applications suffer from Frame Confusion. Finally, we show how to exploit Frame Confusion on a news application to steal the user’s credentials.
Document type : Conference papers

Cited literature : 29 references
Contributor : Hal Ifip
Submitted on : Thursday, November 28, 2019 - 2:26:01 PM
Last modification on : Thursday, November 28, 2019 - 2:29:02 PM
Long-term archiving on : Saturday, February 29, 2020 - 4:20:14 PM


 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2022-01-01



Distributed under a Creative Commons Attribution 4.0 International License



Davide Caputo, Luca Verderame, Simone Aonzo, Alessio Merlo. Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps. 33rd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2019, Charleston, SC, United States. pp.121-139, ⟨10.1007/978-3-030-22479-0_7⟩. ⟨hal-02384600⟩


