57 lines
2.5 KiB
Plaintext
57 lines
2.5 KiB
Plaintext
To cite the analysis of hybrid Android Applications (e.g., using Cordova
|
|
or SAP Kapsel), please use
|
|
|
|
Achim D. Brucker and Michael Herzberg. On the Static Analysis of
|
|
Hybrid Mobile Apps: A Report on the State of Apache Cordova
|
|
Nation. In International Symposium on Engineering Secure Software
|
|
and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
|
|
72-88, Springer-Verlag, 2016. doi: :10.1007/978-3-319-30806-7_5
|
|
|
|
A BibTeX entry for LaTeX users is
|
|
|
|
@InCollection{ brucker.ea:cordova-security:2016,
|
|
author = {Achim D. Brucker and Michael Herzberg},
|
|
booktitle = {International Symposium on Engineering Secure Software and
|
|
Systems (ESSoS)},
|
|
language = {USenglish},
|
|
editor = {Juan Caballero and Eric Bodden},
|
|
publisher = {Springer-Verlag},
|
|
pages = {72--88},
|
|
talk = {talk:brucker.ea:cordova-security:2016},
|
|
address = {Heidelberg},
|
|
series = {Lecture Notes in Computer Science},
|
|
number = {9639},
|
|
title = {On the Static Analysis of Hybrid Mobile Apps: A Report on
|
|
the State of Apache Cordova Nation},
|
|
year = {2016},
|
|
isbn = {978-3-642-11746-6},
|
|
classification= {conference},
|
|
areas = {security, software},
|
|
public = {yes},
|
|
doi = {10.1007/978-3-319-30806-7_5},
|
|
pdf = {https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf},
|
|
abstract = {Developing mobile applications is a challenging business:
|
|
developers need to support multiple platforms and, at the
|
|
same time, need to cope with limited resources, as the
|
|
revenue generated by an average app is rather small. This
|
|
results in an increasing use of cross-platform development
|
|
frameworks that allow developing an app once and offering
|
|
it on multiple mobile platforms such as Android, iOS, or
|
|
Windows.
|
|
|
|
Apache Cordova is a popular framework for developing
|
|
multi-platform apps. Cordova combines HTML5 and JavaScript
|
|
with native application code. Combining web and native
|
|
technologies creates new security challenges as, e.g., an
|
|
XSS attacker becomes more powerful.
|
|
|
|
In this paper, we present a novel approach for statically
|
|
analysing the foreign language calls. We evaluate our
|
|
approach by analysing the top Cordova apps from Google
|
|
Play. Moreover, we report on the current state of the
|
|
overall quality and security of Cordova apps. },
|
|
keywords = {static program analysis, static application security
|
|
testing, Android, Cordova, hybrid mobile apps},
|
|
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016}
|
|
}
|