Description: Securing the Web-Native Bridge in Hybrid Mobile Apps
Hybrid Mobile Apps have the following components:
1) Web component, which includes HTML, JS, CSS, etc.
2) Native component (written in Java in the case of Android, or Objective-C in the case of iOS)
Most organizations choose to write a hybrid mobile app instead of a pure native mobile app, because the web component (which makes up most of the app) can be reused across multiple mobile platforms. For example, the web component written for Android will work on iOS with little or no modification.
The platforms provide a bridge through which the web component can call native code. The bridge also lets native components run scripts in the web context. This feature of the bridge breaks two main security features of the web:
a) Sandbox feature
b) Same Origin Policy
The objective of this talk is to highlight and describe these security issues in the bridge. A demo will be provided to demonstrate the security issues.
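One way to restore an origin check on the native side of the bridge, as an added example that is not code from the talk. It is a plain-Java model with no Android APIs; the class name, the trusted origin, the exposed method names and the returned version string are all hypothetical, and it assumes the native layer knows the URL of the page that made the call.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

/** Native-side gate for bridge calls (hypothetical names, constructed values). */
public class BridgeGate {
    // Assumption: the app's own web component is served from this single origin.
    private static final Set<String> TRUSTED_ORIGINS = Set.of("https://app.example.com");

    // Only these native methods are reachable from web content.
    private static final Map<String, Function<String, String>> EXPOSED = Map.of(
        "getAppVersion", arg -> "1.0.0",
        "echo", arg -> arg);

    /** Reduce a page URL to scheme://host[:port]; null means "cannot be trusted". */
    static String originOf(String pageUrl) {
        try {
            URI u = new URI(pageUrl);
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase();
            if (!scheme.equals("https")) return null; // rejects file:, http:, javascript:
            String origin = scheme + "://" + u.getHost().toLowerCase();
            return (u.getPort() == -1 || u.getPort() == 443) ? origin : origin + ":" + u.getPort();
        } catch (Exception e) {
            return null; // unparseable URL
        }
    }

    /** Dispatch only if the caller's origin and the requested method are both allowlisted. */
    static String call(String callerPageUrl, String method, String arg) {
        String origin = originOf(callerPageUrl);
        if (origin == null || !TRUSTED_ORIGINS.contains(origin)) {
            return "DENIED: untrusted origin";
        }
        Function<String, String> handler = EXPOSED.get(method);
        if (handler == null) {
            return "DENIED: method not exposed";
        }
        return handler.apply(arg);
    }

    public static void main(String[] args) {
        // Constructed sample calls: own page, third-party frame, look-alike host, unexposed method.
        System.out.println(call("https://app.example.com/index.html", "getAppVersion", ""));
        System.out.println(call("https://ads.example.net/frame.html", "getAppVersion", ""));
        System.out.println(call("https://app.example.com.evil.example/x", "echo", "hi"));
        System.out.println(call("https://app.example.com/index.html", "readContacts", ""));
    }
}
```

The comparison is made on the parsed origin rather than on a string prefix of the URL, so a look-alike host that merely starts with the trusted name is denied.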
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.