, The Lifetime of Android API Vulnerabilities: Case Study on the JavaScript-to-Java Interface, vol.9379, pp.126-138, 2015.

, AndroidRank: Androidrank market data, 2018.

S. Aonzo, A. Merlo, G. Tavella, and Y. Fratantonio, Phishing attacks on modern android, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2018.

M. Backes, S. Gerling, and P. V. Styprekowsky, A Local Cross-Site Scripting Attack against Android Phones, pp.1-6, 2011.

J. Bai, W. Wang, Y. Qin, S. Zhang, J. Wang et al., BridgeTaint: A Bi-Directional Dynamic Taint Tracking Method for JavaScript Bridges in Android Hybrid Applications, IEEE Trans. Inf. Forensics Secur, vol.14, issue.3, pp.677-692, 2019.

,

W. Bao, W. Yao, M. Zong, and D. Wang, Proceedings of the 2017 International Conference on Cryptography, Security and Privacy -ICCSP '17, pp.56-61, 2017.

A. B. Bhavani, Cross-Site Scripting attacks on Android webView, International Journal of Computer Science and Network, vol.2, issue.2, pp.1-5, 2013.

Y. L. Chen, H. M. Lee, A. B. Jeng, and T. E. Wei, DroidCIA: A novel detection method of code injection attacks on HTML5-based mobile apps, Proc. -14th IEEE Int, vol.1, pp.1014-1021, 2015.

,

E. Chin and D. Wagner, Bifocals: Analyzing WebView Vulnerabilities in Android Applications, vol.8267, pp.138-159, 2014.

A. Cordova, , 2018.

A. Cortesi, M. Hils, and T. Kriechbaumer, contributors: mitmproxy: A free and open source interactive HTTPS proxy, 2010.

O. Erlend, RetireJS -Scanner detecting the use of JavaScript libraries with known vulnerabilities, 2019.

B. Gruver, Smali -Assembler/Disassembler for the dex format, 2019.

J. Hu, A Tale of Two Cities : How WebView Induces Bugs to Android Applications, vol.1, pp.702-713, 2018.

X. Jin, X. Hu, K. Ying, W. Du, H. Yin et al., Code Injection Attacks on HTML5-based Mobile Apps. Proc. 2014 ACM SIGSAC Conf. Comput. Commun. Secur. -CCS '14 pp, pp.66-77, 2014.

S. Lee, J. Dolby, and S. Ryu, HybriDroid: static analysis framework for Android hybrid applications, Proc. 31st IEEE/ACM Int. Conf. Autom. Softw. Eng. -ASE, pp.250-261, 2016.

L. Li, T. F. Bissyandé, M. Papadakis, S. Rasthofer, A. Bartel et al., Static analysis of android apps: A systematic literature review, Inf. Softw. Technol, vol.88, pp.67-95, 2017.

T. Li, X. Wang, M. Zha, K. Chen, X. Wang et al., Unleashing the Walking Dead : Understanding Cross-App Remote Infections on Mobile WebViews. Ccs pp, pp.829-844, 2017.

Y. Li, Z. Yang, Y. Guo, and X. Chen, DroidBot: A lightweight UI-guided test input generator for android, 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, pp.23-26, 2017.

T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin, Attacks on WebView in the Android system. Proceedings of the 27th Annual Computer Security Applications Conference on -ACSAC '11 p, p.343, 2011.

M. Neugschwandtner, M. Lindorfer, and C. Platzer, A View to a Kill: WebView Exploitation, Leet, 2013.

S. Nishant-das-patnaik, :. Sabyasachi-sahoo, and . Jsprime, OWASP: Using components with known vulnerabilities, 2013.

A. Phonegap, , 2018.

C. Rizzo, L. Cavallaro, and J. Kinder, BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews, 2017.

S. Sedol and R. Johari, Survey of Cross-site Scripting Attack in Android Apps, Sandbox attribute, vol.4, p.29, 2014.

R. Winiewski and C. Tumbleson, Apktool A tool for reverse engineering Android apk files, 2018.

R. Yan, X. Xiao, G. Hu, S. Peng, and Y. Jiang, New deep learning method to detect code injection attacks on hybrid applications, Journal of Systems and Software, vol.137, pp.67-77, 2018.