This is Why We Can’t Have Nice Things: JavaScript Bridging on Android presented at Converge 2014

by Dawn Isabel,

Summary : Android applications use in-app browsers called WebViews to load and present HTML-based interfaces within the context of the application. These interfaces can use JavaScript as a bridge back to the native application code, enabling rapid development of rich interfaces in HTML that have access to the application’s context. What could possibly go wrong? In this talk, we’ll examine the implications of using addJavascriptInterface to create such a bridge and how it can be exploited to execute malicious code on the device.