Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/79229
Title: | 應用程式內建瀏覽器的隱私與安全風險 (On the Privacy and Security Risks of In-app Browsers) |
Other title: | On the Privacy and Security Risks of In-app Browsers |
Author: | 劉恩婷 Ann Tene Low |
Advisor: | 蕭旭君 Hsu-Chun Hsiao |
Keywords: | In-app Browsers, WebView, Custom Tabs |
Publication year: | 2022 |
Degree: | Master's |
Abstract: | Recent statistics showed that 55 percent of the web traffic originated from mobile, and Chrome WebView ranked number four among the top browsers. Chrome WebView is one of the underlying engines for our object of interest in this study. As users spend more time on their mobile apps, app developers rely on the in-app browser to provide a better user experience. In-app browsers are triggered when users click on URLs in conversations, emails, or posts. However, in-app browsers do not offer all the typical features of desktop or mobile browsers. Thus, we performed this study to analyze the privacy and security risks of using in-app browsers. We collected a total of 24 mobile apps comprised of mobile browsers and apps with in-app browsers and designed 18 categories of tests from three aspects: user interface, security mechanism, and fingerprinting surface. Although all apps seem to implement basic security mechanisms in our tests, user interface and fingerprinting tests disclose some aspects that need improvement. During this process, we discovered that none of the mobile apps with customized in-app browsers fulfilled all tests' desired properties. Despite Custom Tabs being more secure, native apps could still gather user history and send it to the backend server. Our findings disclose that users are vulnerable to malicious site owners and prying applications. In conclusion, we suggest that users use a more secure mobile browser to open links in another mobile app. Besides, they could avoid using a mobile app and browse mobile sites in mobile browsers. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/79229 |
DOI: | 10.6342/NTU202204283 |
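Full-text license: | Authorized (access limited to on campus) |
Appears in collections: | Graduate Institute of Networking and Multimedia |
Files in this item:
File | Size | Format | |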
---|---|---|---|
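U0001-1810202221185500.pdf Access restricted to NTU campus IP addresses (from off campus, please use the VPN off-campus connection service) | 6.81 MB | Adobe PDF | View/Open |
Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated.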