Characterizing Embedded Web Browsing in Mobile Apps

Abstract : Modern mobile OSes support to display Web pages in the native apps, which we call embedded Web pages. In this paper, we conduct, to the best of our knowledge, the first measurement study on browsing embedded Web pages on Android. Our study on 22,521 popular Android apps shows that 57.9% and 73.8% of apps embed Web pages on two popular app markets: Google Play and Wandoujia, respectively. To analyze the embedded Web browsing performance at scale, we design and implement EWProfiler, a tool that can automatically search for embedded Web pages inside apps, trigger page loads, and retrieve performance metrics. Based on 445 embedded Web pages obtained by EWProfiler in 99 popular apps from the two app markets, we investigate the characteristics and performance of embedded Web pages, and find that embedded Web pages significantly impede the app user experience. To optimize the performance of embedded Web browsing, we investigate the effectiveness of three techniques, i.e., separating the browser kernel to a different process, loading pages from local storage, and pre-rendering. We believe that our findings could draw attentions to Web developers, browser vendors, app developers, and mobile OS vendors together towards better performance of embedded Web browsing.

 EXISTING SYSTEM :

 ? In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. ? The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. ? The timeline analysis is instrumental to revealing major outbreaks of certain Android malware in the wild while the detailed breakdown and characterization of existing Android malware is helpful to better understand them and shed light on possible defenses. ? To eliminate possible false positive in our dataset, we run our collection through existing mobile anti-virus software for confirmation.

 DISADVANTAGE :

 ? To validate that the load is indeed successful, we let the testbed take a picture of the entire rendered page and examine the screenshot manually to check failures such as any unrendered part due to network timeout. ? For each website, we collect all its six traces again if any of them is found to be problematic. ? SPDY addresses this problem by using a much longer timeout (describe soon) and by forbidding to use the Connection header field (i.e., SPDY always assumes a persistent connection). ? In HTTP(S), a busy connection may block a new request to the same server but this does not happen in SPDY, which allows multiplexing transfers of multiple objects of the same domain in a single connection.

 PROPOSED SYSTEM :

 • To improve the smartphone security and privacy, a number of platform-level extensions have been proposed. • Our approach assumes that strings defined external to the application, such as user input, will not influence the color or the structure of the HTML tags. For the string analysis, we used a technique proposed by Yu and colleagues. • Accordingly, researches have proposed several possible solutions to this issue. Stowaway exposes the over-privilege problem (where an app requests more permissions than it uses) in existing apps. • . That probably explains why attackers have no motivations or the need to lure victim for installation. GPSSMSSpy is an example that listens to SMS-based commands to record and upload the victim’s current location.

 ADVANTAGE :

 ? They also lead us to examine a key metric called inter-object idle time, which causes many websites to have very long load time, significantly hurting the resource efficiency. ? Although performance is not our focus in this study, it is correlated with the radio energy utilization in cellular networks since usually the radio is on during the entire page loading period due to the long tail times. ? Although splitting connection can improve TCP performance in certain circumstances, it has negligible impact on our measurement results in §4 except for the TCP connection management part, on which the impact is also small. We revisit this in §4.3 and §4.6. ? There can be multiple causes for such significant underutilization e.g., due to unawareness or performance concerns.