How To HybridCustom HTML5-Native Bridge for AndroidMICHAEL HANTLER
ANDROIDDEV101.COM
PhoneGap (Cordova) framework
The open source framework we all know and love uses a similar technology in order to transmit requests over the HTML5-Java Bridge (JavaScript prompt boxes)
If We Build It…They will Code
JavaScript Java
It’s All About the WebView Baby
Similar to the Cordova(PhoneGap) implementation we will utilize built-in components of the Android WebView. This functionality will give us two way communication between our Java code and our HTML5(JavaScript) code.
+
JavaScript to Java public void addJavascriptInterface (Object object, String name)
class JsObject { @JavascriptInterface public String toString() { return "injectedObject"; } } webView.addJavascriptInterface(new JsObject(), "injectedObject"); webView.loadData("", "text/html", null); webView.loadUrl("javascript:alert(injectedObject.toString())");
WebView Exploits
AVG: Analyzing an Android WebView exploit by Elad Shapira
MWR InfoSecurity: WebView addJavascriptInterface Remote Code Execution
Trigger.io: Why Trigger.io doesn’t use PhoneGap – 5x faster native bridge
Java to JavaScript public void loadUrl (String url)
class JsObject { @JavascriptInterface public String toString() { return "injectedObject"; } } webView.addJavascriptInterface(new JsObject(), "injectedObject"); webView.loadData("", "text/html", null); webView.loadUrl("javascript:alert(injectedObject.toString())");
Examples on GitHub All example code can be found on Github at https://github.com/mhant/DroidConTLV2014
Basic Bridge example
Example: Ads
Example: Drawer
Example: Login
Shout Outs
www.AndroidDev101.com
Delivering the highest quality mobile app and web app development. Previous clients include Caesars Interactive Entertainment, YMCA related firms, and a wide assortment of breakthrough startups.