HuiYu Wuis an security researcher at Tencent Security Department.Currently,his research is mainly focused on IoT security and Mobile Security. He is also a bug Hunter,found many high risk vulnerabilities in Alibaba,Baidu,Huawei,,Qihoo,Lenovo,Line and more.Winner of GeekPwn 2015.
[Abstract]
==========
hybrid application is one that combines elements of both native and Web applications. Nowadays, working in hybrid mobile app development makes life easier for developers as they are able to write once and build mobile applications that run on the main platforms with no extra effort. The application will run on Android and iOS and the code can be reused for progressive web applications。 Many companies have developed their own Hybrid App. Such as Facebook, Amazon, Tencent,Paypal, Alibaba, Line。
Hybrid App mainstream platforms include Cordova (PhoneGap), AppCan, appMobi, Titanium, etc. This talk will cover the Hybrid app’s mainstream implementation, and security architecture。Of course, I will also introduce how to bypass the hybrid app security mechanism,and attack Hybrid App to achieve remote code execution or privilege leak and information disclosure.