CAJ | 학술논문

Android平台提供了WebView组件用于加载和显示Web网页。通过调用WebView提供的API，Android应用程序可以与Web页面进行交互操作。该交互过程包括允许Web页面中的JavaScript代码通过调用Android应用中Java代码访问本地资源。在此过程中，攻击者可以通过篡改Web页面中的JavaScript脚本攻击Android应用程序。研究发现，对Android应用程序进行逆向工程攻击得到WebView可调用接口，是此类攻击的前提。因此，为了防止此类攻击，文章提出了一种应用加固方案防止Android逆向工程攻击，通过隐藏WebView组件接口达到保护Android应用程序的目的。该加固方案不仅可以防范针对WebView组件的攻击，也可以防范其他基于Android逆向工程的攻击。
Android평태제공료WebView조건용우가재화현시Web망혈。통과조용WebView제공적API，Android응용정서가이여Web혈면진행교호조작。해교호과정포괄윤허Web혈면중적JavaScript대마통과조용Android응용중Java대마방문본지자원。재차과정중，공격자가이통과찬개Web혈면중적JavaScript각본공격Android응용정서。연구발현，대Android응용정서진행역향공정공격득도WebView가조용접구，시차류공격적전제。인차，위료방지차류공격，문장제출료일충응용가고방안방지Android역향공정공격，통과은장WebView조건접구체도보호Android응용정서적목적。해가고방안불부가이방범침대WebView조건적공격，야가이방범기타기우Android역향공정적공격。
Android platform provides WebView component to load and display webpage.By calling the APIs provided by WebView, Android applications can interact with the webpage.This interaction includes allowing javascript code in webpage to access the local resources by calling java code in Android applications.In this process, an attacker can tamper with the javascript in webpage to attack Android applications.Based on our research, such attacks usually use the reverse engineering of Android applications to get accessible WebView interface as its ifrst step.Thus, in order to avoid these attacks, this paper proposed an application enhancement scheme to prevent Android reverse engineering and hide WebView component interface in order to protect the Android applications.This scheme can prevent not only attacks on WebView component, but also other attacks based on Android reverse engineering.