In addition to hybrid mobile apps, most native mobile apps also use embedded browsers to display external web content such as their website, advertisements, or social network plugins. A recent study revealed that 85% of Android apps contain web content in their embedded browsers. We henceforth refer to hybrid mobile apps and native mobile apps with web content collectively as `web-embedded mobile apps’.
Although web-embedded mobile apps bring strong advantages to the mobile development industry, they also severely exacerbate the security problems of mobile apps, due to the exposure of sensitive device resources to pernicious web-based attacks, which is not true of typical native mobile apps. A recent large-scale study on nearly one million web-embedded mobile apps revealed that 28% of them (i.e., about 280 thousand apps) have a least one vulnerability that attackers can exploit to launch serious cyber-attacks. Numerous other studies provide research and experiments that further highlight this issue.