{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:OMDWV33HOKHLBN5CQ3X6OD3Q6P","short_pith_number":"pith:OMDWV33H","canonical_record":{"source":{"id":"1709.05690","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-17T16:54:33Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"fadceb9977372699e61af86ffbe593e4c3345f08abc4ddc9fbe531a01ca04960","abstract_canon_sha256":"3f5f845e118ce9ee4dc70203efb1897bca8863fcabb771d28534ba6d3149407e"},"schema_version":"1.0"},"canonical_sha256":"73076aef67728eb0b7a286efe70f70f3c6d7d46edda9d427f33203b3068649f2","source":{"kind":"arxiv","id":"1709.05690","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1709.05690","created_at":"2026-05-17T23:46:55Z"},{"alias_kind":"arxiv_version","alias_value":"1709.05690v2","created_at":"2026-05-17T23:46:55Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1709.05690","created_at":"2026-05-17T23:46:55Z"},{"alias_kind":"pith_short_12","alias_value":"OMDWV33HOKHL","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_16","alias_value":"OMDWV33HOKHLBN5C","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_8","alias_value":"OMDWV33H","created_at":"2026-05-18T12:31:34Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:OMDWV33HOKHLBN5CQ3X6OD3Q6P","target":"record","payload":{"canonical_record":{"source":{"id":"1709.05690","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-17T16:54:33Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"fadceb9977372699e61af86ffbe593e4c3345f08abc4ddc9fbe531a01ca04960","abstract_canon_sha256":"3f5f845e118ce9ee4dc70203efb1897bca8863fcabb771d28534ba6d3149407e"},"schema_version":"1.0"},"canonical_sha256":"73076aef67728eb0b7a286efe70f70f3c6d7d46edda9d427f33203b3068649f2","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:46:55.658224Z","signature_b64":"UltWDLgqOnCuxNh2C4l1zPkjTL/0yYt90AkkntBqlES7t1Nb4m85QVjfKkmEqQQzgcBULbahPWkCuRG//xgiDQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"73076aef67728eb0b7a286efe70f70f3c6d7d46edda9d427f33203b3068649f2","last_reissued_at":"2026-05-17T23:46:55.657539Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:46:55.657539Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1709.05690","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:46:55Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"62P1AXTUT0FaFzzKrGBg1/NO61rDl8DC5yPSTp2oK+oEfEUSW2rZHuXk7KIYByUjYJP7K2hna8u+iaKbD9tfAQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-08T13:59:43.884942Z"},"content_sha256":"4f5dce3f449f3836605034710ca3b8cdb38024e48d517025fa1801844e5ce323","schema_version":"1.0","event_id":"sha256:4f5dce3f449f3836605034710ca3b8cdb38024e48d517025fa1801844e5ce323"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:OMDWV33HOKHLBN5CQ3X6OD3Q6P","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Claudio Rizzo, Johannes Kinder, Lorenzo Cavallaro","submitted_at":"2017-09-17T16:54:33Z","abstract_excerpt":"A Webview embeds a full-fledged browser in a mobile application and allows the application to expose a custom interface to JavaScript code. This is a popular technique to build so-called hybrid applications, but it circumvents the usual security model of the browser: any malicious JavaScript code injected into the Webview gains access to the interface and can use it to manipulate the device or exfiltrate sensitive data. In this paper, we present an approach to systematically evaluate the possible impact of code injection attacks against Webviews using static information flow analysis. Our key "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1709.05690","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:46:55Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"B3tiEJHDn7Xwx3ozFRxEgJrtZh9X4Ga4xiGE8ihcXv7IBpq61fesh4S89GuO3TQgEs/IVDXEmQer3FYWTcWmAQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-08T13:59:43.885556Z"},"content_sha256":"2240200ca0123dc371130c7241632b94e3a43b84ec91cf24b07ee08b19eba7fb","schema_version":"1.0","event_id":"sha256:2240200ca0123dc371130c7241632b94e3a43b84ec91cf24b07ee08b19eba7fb"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/OMDWV33HOKHLBN5CQ3X6OD3Q6P/bundle.json","state_url":"https://pith.science/pith/OMDWV33HOKHLBN5CQ3X6OD3Q6P/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/OMDWV33HOKHLBN5CQ3X6OD3Q6P/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-08T13:59:43Z","links":{"resolver":"https://pith.science/pith/OMDWV33HOKHLBN5CQ3X6OD3Q6P","bundle":"https://pith.science/pith/OMDWV33HOKHLBN5CQ3X6OD3Q6P/bundle.json","state":"https://pith.science/pith/OMDWV33HOKHLBN5CQ3X6OD3Q6P/state.json","well_known_bundle":"https://pith.science/.well-known/pith/OMDWV33HOKHLBN5CQ3X6OD3Q6P/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:OMDWV33HOKHLBN5CQ3X6OD3Q6P","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"3f5f845e118ce9ee4dc70203efb1897bca8863fcabb771d28534ba6d3149407e","cross_cats_sorted":["cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-17T16:54:33Z","title_canon_sha256":"fadceb9977372699e61af86ffbe593e4c3345f08abc4ddc9fbe531a01ca04960"},"schema_version":"1.0","source":{"id":"1709.05690","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1709.05690","created_at":"2026-05-17T23:46:55Z"},{"alias_kind":"arxiv_version","alias_value":"1709.05690v2","created_at":"2026-05-17T23:46:55Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1709.05690","created_at":"2026-05-17T23:46:55Z"},{"alias_kind":"pith_short_12","alias_value":"OMDWV33HOKHL","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_16","alias_value":"OMDWV33HOKHLBN5C","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_8","alias_value":"OMDWV33H","created_at":"2026-05-18T12:31:34Z"}],"graph_snapshots":[{"event_id":"sha256:2240200ca0123dc371130c7241632b94e3a43b84ec91cf24b07ee08b19eba7fb","target":"graph","created_at":"2026-05-17T23:46:55Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"A Webview embeds a full-fledged browser in a mobile application and allows the application to expose a custom interface to JavaScript code. This is a popular technique to build so-called hybrid applications, but it circumvents the usual security model of the browser: any malicious JavaScript code injected into the Webview gains access to the interface and can use it to manipulate the device or exfiltrate sensitive data. In this paper, we present an approach to systematically evaluate the possible impact of code injection attacks against Webviews using static information flow analysis. Our key ","authors_text":"Claudio Rizzo, Johannes Kinder, Lorenzo Cavallaro","cross_cats":["cs.SE"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-17T16:54:33Z","title":"BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1709.05690","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:4f5dce3f449f3836605034710ca3b8cdb38024e48d517025fa1801844e5ce323","target":"record","created_at":"2026-05-17T23:46:55Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"3f5f845e118ce9ee4dc70203efb1897bca8863fcabb771d28534ba6d3149407e","cross_cats_sorted":["cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-17T16:54:33Z","title_canon_sha256":"fadceb9977372699e61af86ffbe593e4c3345f08abc4ddc9fbe531a01ca04960"},"schema_version":"1.0","source":{"id":"1709.05690","kind":"arxiv","version":2}},"canonical_sha256":"73076aef67728eb0b7a286efe70f70f3c6d7d46edda9d427f33203b3068649f2","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"73076aef67728eb0b7a286efe70f70f3c6d7d46edda9d427f33203b3068649f2","first_computed_at":"2026-05-17T23:46:55.657539Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:46:55.657539Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"UltWDLgqOnCuxNh2C4l1zPkjTL/0yYt90AkkntBqlES7t1Nb4m85QVjfKkmEqQQzgcBULbahPWkCuRG//xgiDQ==","signature_status":"signed_v1","signed_at":"2026-05-17T23:46:55.658224Z","signed_message":"canonical_sha256_bytes"},"source_id":"1709.05690","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:4f5dce3f449f3836605034710ca3b8cdb38024e48d517025fa1801844e5ce323","sha256:2240200ca0123dc371130c7241632b94e3a43b84ec91cf24b07ee08b19eba7fb"],"state_sha256":"b4586fa901bceb44b838a2a6e3d0cb5c228460452bb06b291c11a96093ea16b6"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"kbby6SrAJNux3WSy7ip+3J6Jhx1lWbJe0jTxdy6i8Dno5d6CwlNOpc04pfXhcIDHpE42v47ET0q+CrWdIKvZCw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-08T13:59:43.888708Z","bundle_sha256":"fa68d11ef35ba91af964961a02b32ebc0001680c425afaf8c53c5dc4a7e43e5a"}}