Essay details:

  • Subject area(s): Engineering
  • Price: Free download
  • Published on: 7th September 2019
  • File format: Text
  • Number of pages: 2

Text preview of this essay:

This page is a preview - download the full version of this essay above.


Document sharing is one of the oldest and efficient applications of the internet. One way by which a file can be shared online is that user can upload files to a common space on the web and others users can download these files from the common web space.

The main objective of this project was to design an online file sharing app where some

users can upload the files and other users can download them for their use.

This report also discusses the implementation details of the app, and the

advantages of having different visualizations of the file system. This report also addresses

various questions regarding file storage,  where to store the files, in database as files in the file system on web server. This report analyzes the advantages and disadvantages of  techniques in terms of performance and security.



1.1 Introduction To Project

This project is an online portal between students and faculty in any college or institute. This innovative system allows college faculty to share important data as well as notifications with students. It consists of a faculty login along with student login. Since college faculty operates through their pc and document uploading is simpler through a pc, the faculty login is to be performed through a computer or a pc. Faculty may upload the documents of subject syllabus, notices, timetable document, notifications, e-notes etc through their provided login. The documents are uploaded by faculty to different corresponding departments. We propose to build this system on an online server that allows faculty to upload data and students may view, search and download the required documents through their android device. Here students can only see and download the data of their particular semester whereas rest of the data is hidden to them. Faculty may access and upload or edit the documents to any semester or add any notice as desired.

This project has a login page which allows only the registered user to login and thereby preventing unauthorized access. This system can be used to view all the syllabus, updates details, notifications, etc. The android mobile user will be able to make quick download from anywhere using internet. Usage of this application for a student will greatly reduce the time in engineering document sharing. The android mobile user will not be able to insert or view details if the server goes down, thus there is a disadvantage of single point failure.

1.2 Motivation behind project topic

In today’s time the internet has become such a huge thing that it is almost impossible to not to share and view each others work. Online collaboration and sharing has become a big thing with companies such as Google, etc.

One of the advantage of sharing data online is that it’s a great way to get across our opinions. And seeing as the internet is like a huge society where daily lots of people will see what you think and they may also choose to inject they’re opinion and it is a great way to communicate with other people as well.

We live in a world where chasing the information that you need has become increasingly an herculean task. So a document sharing application provides the technologies, tools, and methods used to capture, manage, store, deliver and dispose of documents across an enterprise. It makes your documents work for you instead of you working hard to organize and manage your documents to be used later on.

One of the reason is that, we can’t carry our machines with us everytime where ever we go.So, if we want some important documents to be viewed at any time we are not able to view that document unless and until we have machines with us.With the help of this type of document sharing application we can download any type of document any time for our work.

1.3 Aim and Objectives of the work

The aim of this project is to build an app that would allow different faculty to easily share files among their students.

• To give the users different visualizations of their file system. Usually in a file sharing website, users will be given only one option where they can view their files and folders in the traditional windows style folder view.

• To analyze the issue of file storage. There are two common places where the files can be stored are database and the web server.

1.4 Introduction to Android Webview

WebView is an essential component in Android and iOS. Itenables applications to display content from on-line resources. Itsimplifies task of performing a network request, parsing the dataand rendering it. WebView uses a number of APIs which caninteract with the web contents inside WebView.Many of the Android applications display web content

and also interact with it. This is possible by exposing aweb browser as a standalone component and embedding itin the application.It uses WebKit rendering engine to display

web pages. It also enables developers to incorporatebrowser functionalities such as rendering, navigation etc. in the application.

To achieve a betterinteraction between apps and their embedded browsers,WebView provides a number of APIs, allowing code in appsto invoke and be invoked by the JavaScript code withinthe web pages, intercept their events, and modify those events. Using these features, apps can become customizedbrowsers for their intended web applications. Currently,in the Android market, 86 percent of the top 20 most downloadedapps in 10 diverse categories use WebView.The design ofWebView changes the landscape of theWeb,especially from the security perspective. Two essential piecesof the Web's security infrastructure are weakened if Web-View and its APIs are used: the Trusted Computing Base(TCB) at the client side, and the sandbox protection implementedby browsers. As results, many attacks can be

launched either against apps or by them. The objective ofthis report is to present these attacks, analyze their fundamentalcauses, and discuss potential solutions.

The WebView class allows developers to display data from webpages and files within the application. Through the WebView, developers not only set the content tobe displayed, but they can also specify the layout and behavior of the WebView (likedisplaying of the address bar, track the browsing history, allow searches, etc.).The web content can be displayed by sending a request to a browser applicationto load the content. We will focus on the WebView approach to displaying webcontent as customizations in a WebView can lead to security problems, while browsersare separate applications outside of an application’s security boundary.

One of the feature of android is that it provides a way for JavaScript in a WebView to invoke Android application code, if this is enabled by the application. In particular, the application developer can register an interface (an API to the mobile application) that can be called by the JavaScript. This allows the web page to access functionality and data exposed by the application. This may seem safe, as typically developers use WebViews to display trusted websites.

1.4.1 Webview APIs

There are two types of APIs in WebView, the Web-basedAPIs and the UI based APIs. Web-based APIs aredesigned to interact with the web-contents inside theWebView. Examples of these APIs include loadURL,CookieManager.getCookie, etc. WebView is a subclass of amore generic View class.View is the base class for widgets, which are used tocreate interactive UI components (buttons, text fields, etc).Therefore, WebView inherits the APIs of super class.Such APIs are UI-based APIs.

The package which provides tools for Android applicationto browse the web is android.webkit. The packagecontains number of classes and interfaces. The mostimportant class of the package is the WebView. It enablesthe developer to embed a built-in Web browser as widget,

for displaying HTML content and browsing the web. Inaddition to WebView, android. webkit provides severalother classes such as CookieManager,CookieSyncManager, WebChromeClient, WebViewClientetc. Jointly, these classes expose many APIs to Androidapplications.

Fig :WebView APIs Overview



We first study how many apps are actually using Web-View. Surprisingly,we have found that 86 percent  of apps useWebView.

Figure :Webview usage among apps

We first analyzed various applications to better understandtheir use ofWebviews.We found that 608 of the 864 applications (70.4%) contained atleast one WebView in the application. Of these 608 applications, 433 contained at least one WebView inthe core functionality of the application. Also, 351 applications contained at least one WebView displayedby an ad library in the application. This suggests that use of web content in Androidapplications is common and useful.The web content displayed in a WebView can be hosted remotely or locally. We analyzed all WebViews in various applications to identify what URI is initially loadedinto the WebView.

[1] To improve the efficiency of many web applications, view materialization is one of the issue by which the selected webview can be materialized in order to optimize the response time of the web queries. In order to reduce the overhead for generating dynamic data, it is possible to generate data corresponding to dynamic object, then store the object in a cache, and then subsequently serve the requests to the object from the cache memory instead of calling the server program repeatedly.

Similar to database views, webviews can be categorized into two parts: virtual and materialized. Virtual webviews are computed dynamically when request generated from database. Whereas materialized webviews are precomputed and their results are reused when the page is required by an user. In virtual webviews, the cost of computing the webview increases the response time because web server need additional time to compute the webviews. In materialized webview, the serverload increases because of each update operation of the database need to update the webview.Webview are usually generated by collecting the database query results together with HTML command or XML tags.

There are mainly two types of attacks: through malicious web pages and malicious apps.

For all of the attacks described in the papers, the following assumptions have been made:

1. Many of the peoples are concerned about potential malicious applications in mobile devices. As pointed out, the developers of the apps and the owner of theweb contents inside WebView are usually not the same. The investigationshows that among the top 113 apps that is usingWebView, 49 are third-partyapps. Therefore, it is quite common for web contents to be loaded into anuntrusted environment.

2. The assumption is that the users clearly know they are using WebView. Users make sure they are using the secured blackboxWebView instance toaccess web contents, and they trust that the mobile system can isolate thecontents inside WebView from those from outside.

3. They assume that the effective access control mechanism is already enforced on the Web-based APIs exposed by the WebView. Asmentioned before, Web-based APIs are powerful to control the web contentsinside WebView. They assume a perfect redesigned access control model hasbeen implemented on WebView to isolate the contents inside WebView fromoutside world.

4. The UI-based APIs are accessible by the apps. WebView is a specialized user interface component it is designed as a subclass of the moregeneric UI components, such as the View class.

5. Malicious apps are only granted with one permission. It should be carefully noted that to successfully launch the attacks described in the paper, malicious Android applications only need one permission Android.permission.INTERNET. This permission is widely granted to

86.6% of free (and 65% of paid) Android applications.


3.1 Security Situations

The pervasive use of WebViewand mobile devices has actually changed the security landscape

of the Web.Another important security feature of browsers is sandbox,which contains the behaviors of web pages inside thebrowsers, preventing them from accessing the system resourcesor the pages from other origins. Unfortunately, tosupport better interactions between apps and web pages,WebView allows apps to punch or holes on the sandbox, creatinga lot of opportunities for attacks.

3.2 Threat Model

3.2.1 Attacks from Malicious Web Pages

 Inthis attack model, we assume that apps are benign, and theyare intended to serve a web application, such as Facebook.These apps can be both first-party (owned by the intendedweb application) and third-party (owned by an independententity). The objective of attackers is to compromise the appsand their intended web application. To achieve this, theattackers need to trick the victim to load their web pages intothe apps, and then launch attacks on the target WebView. Getting the victim to load attacker's web pages is not very difficult, and it can bedone through various means, such as emails, social networks,advertisements, etc.

3.2.2Attacks from Malicious Apps

 In this threat model,we assume that an attacker owns a malicious app, designedspecially for a web application, e.g., Facebook. The goalof the attacker is to directly launch attacks on the web application. Obviously,these attacks only make sense for third-party apps. To preparefor such attacks, the attacker needs to allure users touse their apps for the intended web application. Theapp uses WebView to browse Facebook.

3.3 WebSettings

Each WebView contains its own WebSettings.

The Android WebSettings class manages the settings of a WebView:

– Javascript execution in a webpage can be enabled by calling setJavaScript-

Enabled() on the WebSetting. By default, JavaScript execution is off.

– Access to the local file system (e.g. loading a file in a WebView) is enabled by

callingsetAllowFileAccess(). By default, WebViews have file system access.

– Access to files by JavaScript running in the context of a file scheme URI is enabled

by calling setAllowFileAccessFromFileURLs(). By default, WebViews grant

this access for API versions prior to Jelly Bean.

– Access to content from any origin by JavaScript running in the context of a file

scheme URI is enabled by calling setAllowUniversalAccessFromFileURLs().

By default, WebViews grant this access for API versions prior to Jelly Bean.



Webview is an interface that provide access to wide range of techniques for visiting web pages. The aim was to develop interface that improves the usability and efficiency in comparison to other browsers.Webview provides the facility of page identificationand its display organization.The webview component has enabled the android apps to add appealing and rich experience th the smartphone user but at the cost of their security.We have discusseda number of attacks on WebView, either by maliciousapps or against non-malicious apps. The main cause of the attack is unawareness of the user while accessing the web page.


1. T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin. Attacks on webview in the android system.

2. T. Luo, X. Jin, A. Ananthanarayanan, and W. Du. Touchjacking Attacks on Web in Android, iOS, and Windows Phone.

3. Caja.

4. Droidgap.

5. [1] selection from access user pattern

...(download the rest of the essay above)

About this essay:

This essay was submitted to us by a student in order to help you with your studies.

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, . Available from:< > [Accessed 20.10.19].