WebView system used in Android app development may be flawed says US professor

Android: not as secure as you might think...

According to the Science Daily newswire, Wenliang Du, a Professor of computer science in the L.C. Smith College of Engineering and Computer Science (LCS), part of New York's Syracuse University, has had his paper on the WebView platform insecurity issues accepted for an upcoming security conference.

Plans now call for Professor Du's paper to be presented at the 27th Annual Computer Security Applications Conference, which takes place in Florida this coming December.

The WebView platform, Infosecurity notes, is reportedly used in more than 80% of the 20 most popular apps for the Android smartphone and tablet computer operating system, since it allows app coders to embed browser functionality within the app itself, and so gives the app a gateway into a wide variety of internet and web 2.0 services.

The newswire reports that Professor Du's paper centers on two main issues: which apps to trust and potential problems with the memory sandbox, which is a key feature of Android's buffer between the operating system and the mobile internet.

The paper reportedly notes that, since almost any browser code can be embedded in an app, there is no way to determine which apps are trustworthy. Malicious app developers, says the Science Daily newswire, “could create apps that steal or modify users' information in their online accounts, such as Facebook.”

On the subject of losing the protection of the sandbox, the paper reportedly notes that developers have slowly begun opening up holes in the memory sandbox to provide a better user experience, but as a result, user information is no longer as secure.

Professor Du's paper is not just a one-way criticism, as the Professor has reportedly submitted a proposal to Google to explore whether there are ways to preserve the features of WebView, whilst making the platform more secure.
 
