[1] T. Luo, X. Jin, A. Ananthanarayanan, and W.
Du,Touchjacking Attacks on Web in Android, iOS, and
Windows Phone. In Proceedings of the 5th International
Symposium on Foundations & Practice of Security,
October 25-26, 2012.
[2] T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin.,”Attacks
on webview in the android system”, In Proceedings of
the 27th Annual Computer Security Applications,
Conference, pages 343352, ACM, 2011.
[3] Bhavani A B, “Cross-site Scripting attacks on Android
WebView”, International Journal for Computer Science
and Network (IJCSN), Volume 2, Issue 2, Feb 2013.
[4] A. P. Felt, K. Greenwood, and D. Wagner. The
effectiveness of application permissions, In
proceedings of the 2nd USENIX conference on Web
application development, WebApps’11, pages 7-7,
Berkeley, CA, USA, 2011.
[5] V. Konstantin Kafer, Cross Site Request Forgery,
Hasso-Plattner-Institut, Potsdam. OWASP
[6] A. Barth, C. Jackson, and J. C. Mitchell. Robust
defenses for Cross-Site Request Forgery, In
Proceedings of the 15th ACM Conference on
Computer and Communications Security (CCS 2008),
pages 7588, 2008.
[7] Ziqing Mao, Ninghui Li, Ian Molloy, Defeating Cross-
Site Request Forgery Attacks with Browser-Enforced
Authenticity Protection, Financial Cryptography 2009:
238-255.
[8] X. N. W. Group. Hypertext transfer protocol
HTTP/1.1. RFC 2616, June 1999.
http://www.ietf.org/rfc/rfc2616.txt.
[9] XI. M. Zalweski, Browser security handbook,
http://code.google.com/p/browsersec/wiki/Part2, 2008.
[10] Backes, Michael. Sebastian Gerling, Phillip von Styp-
Rekowsky. A Local Cross-Site Scripting Attack
against Android Phones, Saarland University, Aug
2011.
[11] Chuck Willis,Preparing for the Cross Site Request
Forgery Defense, Presented at Black Hat Briefings DC
2008 on February 20, 2008.
[12] Jesse Burns, Cross site request Forgery, Information
Security Partners, LLC.
[13] Chuan Yue, Mitigating cross-site form history
spamming attacks with domain-based ranking, In
Proceedings of the DIMVA (2011), pp. 104123.
[14] Nenad Jovanovic, Engin Kirda, and Christopher
Kruegel,Preventing Cross Site Request Forgery
Attacks, IEEE International Conference on Security
and Privacy in Communication Networks
(SecureComm), Baltimore, MD, USA, August 2006.
[15] Wim Maes, Thomas Heyman, Lieven Desmet, Wouter
Joosen, Browser protection against cross-site request
forgery, Proceedings of the first ACM workshop on
Secure execution of untrusted code, pages 3-10,
Chicago, Illinois, USA, 9 November 2009.
[16] Ingrid Lunden (1 July 2013). ”Android, Led By
Samsung, Continues To Storm The Smartphone
Market, Pushing A Global 70% Market Share
“http://techcrunch.com/2013/07/01/android-led-bysamsung-
continues-to-storm-the-smartphone-marketpushing-
a-global-70-market-share” TechCrunch. AOL
Inc. Retrieved 2 July 2013.
[17] Android Development
Team,http://developer.android.com/index.html
[18] Simple PHP Forum
Script, ”www.webestools.com/ftp/ybouane/scripts/tuto
rials/php/forum”
[19] Android Development Team. WebView,
http://developer.android.com/reference/android/webkit
/WebView.html
[20] HTTPClient http://hc.apache.org/httpcomponentsclient-
ga/
[21] Fundamentals of HTTP components
http://hc.apache.org/httpcomponents-clientga/
tutorial/html/fundamentals.html
[22] HTTP Message Headers
http://www.w3.org/Protocols/rfc2616/rfc2616-
sec4.html