Skip to content
/ WebViewTracer Public

A browser instrumentation and crawling framework for Android apps with WebViews

License

BSD-3-Clause license
2 stars 0 forks Branches Tags Activity
Star

wspr-ncsu/WebViewTracer

BranchesTags

Repository files navigation

WebViewTracer

WebViewTracer

This repository contains the artifact for our paper:

Cross-Boundary Mobile Tracking: Exploring Java-to-JavaScript Information Diffusion in WebViews

The artifact is divided into three main components:

Quick Start

Build VisibleV8 for WebViews

cd patches && bash ./build.sh

You may also use prebuilt binaries from the upstream VisibleV8 project.

Run the crawler system

To run a small-scale experiment on an emulator with a known set of apps run:

cd webviewtracer-crawler && bash ./setup.sh

Access execution traces

You can access the execution traces collected during the experiment on DataDryad.

For detailed instructions, see the artifact appendix. Additional artifacts required to run the experiment can be found on Zenodo.

System Requirements

  • Operating System: Linux (tested on Ubuntu 24.04; other modern Linux distributions should work).

  • Hardware:

    • Minimum: 8 CPU cores, 16 GB RAM, 200 GB free disk space (from Chromium builds)
    • Recommended: 16+ CPU cores, 32+ GB RAM, 1TB free disk space

  • Dependencies:

Please make sure you are able to docker without sudo privileges by following the instructions documented here.

Mobile requirements

If you plan on conducting a large-scale crawl, we recommend setting up a phone with the following specifications:

  • A phone (preferably a Pixel) that has higher specs than a Pixel 4a and is an unlocked bootloader.
  • Storage size of more than 5 GB
  • Android 13 that has been rooted using Magisk
  • Has the UIHaversterService.apk app installed
  • Screen locking is explicitly set to "None"
  • Has the VisibleV8 Webview version Systemized on top of the Android Beta WebViews app which should be set as the default webview provider.

Repository Structure

  • VisibleV8WebView Located in ./patches. Contains the modified VisibleV8 patches and build instructions for instrumented WebViews (based on Chromium v138).

  • WebViewTracerCrawler Located in ./webviewtracer-crawler. Contains the crawler system used to run experiments across our app dataset.

  • Dataset Located in ./dataset. Includes a JSON file with app metadata (hashes, versions, names) and a description of the app collection process.

Research paper

If you use any component of WebViewTracer in your research, please cite:

@inproceedings{datta2025webviewtracer,
  title={Cross-Boundary Mobile Tracking: Exploring Java-to-JavaScript Information Diffusion in WebViews},
  author={Datta, Sohom and Diamantaris, Michalis and Zafar, Ahsan and Su, Junhua and Das, Anupam and Polakis, Jason and Kapravelos, Alexandros},
  booktitle={Proceedings of the Network and Distributed System Security Symposium (NDSS)},
  year={2026},
}

About

A browser instrumentation and crawling framework for Android apps with WebViews

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

NDSS 2026 Latest
Sep 25, 2025

Languages