I. Vulnerabilities caused by the addJavascriptInterface interface
Reference: http://blog.csdn.net/leehong2005/article/details/11808557/
Description
Injecting a Java object into JS with the addJavascriptInterface method can be unsafe, because the JS may contain malicious code. Through JavaScript, it is possible to access everything on the current device's SD card, and even contact information, text messages, and so on.
1. The WebView has added a JavaScript object, and the current app has permission to read and write the SD card, that is: android.permission.WRITE_EXTERNAL_STORAGE.
2. JS can traverse the window object and find an object that has the "getClass" method. The Runtime object is then obtained through the reflection mechanism, and a static method is called to execute commands, such as a command to access a file.
3. The string is then read from the input stream returned after executing the command, which gives the file name information.
    function execute(cmdArgs) {
        // Walk the properties of window looking for an injected Java object
        for (var obj in window) {
            if ("getClass" in window[obj]) {
                alert(obj);
                return window[obj].getClass().forName("java.lang.Runtime")
                    .getMethod("getRuntime", null).invoke(null, null).exec(cmdArgs);
            }
        }
    }
Solution:
1. Android 4.2 and above
On Android 4.2, Google made a correction: Java methods that are called remotely from JS must be declared with the @JavascriptInterface annotation.
2. Android systems below 4.2
(1) This problem is more difficult to solve, but it is not impossible. First, we definitely cannot call the addJavascriptInterface method any more. The most important thing here is to know which JS events can be used. There are several ways for JS and Java to interact, such as prompt, alert and so on, and these actions correspond to methods of the WebChromeClient class. For prompt, the corresponding method is onJsPrompt.
[1] Have JS call a JavaScript method that calls prompt, and pass the information from JS through prompt. This information should be a piece of meaningful text that we assemble, which may contain: a specific identifier, the method name, parameters, and so on. In the onJsPrompt method, we parse the passed text to get the method name, parameters, etc., and then invoke the specified method of the Java object through the reflection mechanism.
[2] As for the return value, it can be returned through prompt, so that the result of the Java method can be returned to JS.
[3] We need to dynamically generate a JS script that declares the JavaScript method, and load it with loadUrl to register it in the HTML page.
3. Remove some default JS objects: searchBoxJavaBridge_, accessibility, accessibilityTraversal

II. Whitelist checking
Check what is loaded: override loadUrl and postUrl.
Check web page redirects: in the WebViewClient shouldOverrideUrlLoading method, intercept URLs that are not on the whitelist.
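One way to write the onJsPrompt bridge and the whitelist check described above, as an added example that is not code from the original page. It swaps the reflection lookup for a fixed switch so that JS can reach only the listed methods. The class name, the "AppBridge:" prefix, the JSON message layout, the two handler names, the https requirement and the host app.example.com are assumptions.

```java
import android.net.Uri;
import android.webkit.*;
import org.json.*;
import java.util.*;

// Added example (not from the original page): prompt()-based bridge for Android < 4.2.
public class SafeBridgeChromeClient extends WebChromeClient {
    private static final String BRIDGE_ID = "AppBridge:";  // assumed identifier prefix
    private static final Set<String> ALLOWED_HOSTS =
            Collections.singleton("app.example.com");       // placeholder whitelist

    // Call once per WebView (API 11+): never addJavascriptInterface, drop default objects.
    public static void harden(WebView webView) {
        webView.removeJavascriptInterface("searchBoxJavaBridge_");
        webView.removeJavascriptInterface("accessibility");
        webView.removeJavascriptInterface("accessibilityTraversal");
    }

    // Whitelist check; the same test can back loadUrl/shouldOverrideUrlLoading overrides.
    static boolean isAllowed(String url) {
        if (url == null) return false;
        Uri uri = Uri.parse(url);
        return "https".equals(uri.getScheme()) && ALLOWED_HOSTS.contains(uri.getHost());
    }

    @Override
    public boolean onJsPrompt(WebView view, String url, String message,
                              String defaultValue, JsPromptResult result) {
        if (message == null || !message.startsWith(BRIDGE_ID)) {
            return super.onJsPrompt(view, url, message, defaultValue, result); // normal prompt
        }
        try {
            if (!isAllowed(url)) throw new SecurityException("origin not whitelisted");
            JSONObject call = new JSONObject(message.substring(BRIDGE_ID.length()));
            result.confirm(dispatch(call.getString("method"), call.optJSONArray("args")));
        } catch (Exception e) {
            result.cancel();  // bad origin, malformed message or unknown method
        }
        return true;          // bridge message handled, no dialog shown
    }

    // Fixed table instead of reflection: JS can name only these methods.
    private String dispatch(String method, JSONArray args) throws JSONException {
        switch (method) {
            case "getAppVersion": return "1.0";           // constructed sample handler
            case "echo":          return args.getString(0);
            default: throw new JSONException("unknown method " + method);
        }
    }
}
```

On the page side, the matching call would be prompt("AppBridge:" + JSON.stringify({method: "echo", args: ["hi"]})); its return value is the string passed to confirm(), or null when the call is cancelled.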
Hybrid APP-Security