The Android platform provides the WebView component to load and display web pages. By calling the APIs provided by WebView, Android applications can interact with a web page. This interaction includes allowing JavaScript code in the web page to access local resources by calling Java code in the Android application. In this process, an attacker can tamper with the JavaScript in the web page to attack the Android application. Based on our research, such attacks usually use reverse engineering of the Android application to obtain the accessible WebView interfaces as their first step. Thus, to prevent these attacks, this paper proposes an application hardening scheme that prevents Android reverse engineering and hides the WebView component interfaces in order to protect Android applications. The scheme can prevent not only attacks on the WebView component but also other attacks based on Android reverse engineering.