Methods and apparatuses for improved mobile app security testing via bridged native and web user interface interaction

US 10,735,449 B2
Filed: 07/11/2017
Issued: 08/04/2020
Est. Priority Date: 07/11/2017
Status: Active Grant

First Claim

Patent Images

1. A method for improved app security testing using a security instrumentation system, the method comprising:

receiving, by the security instrumentation system, a native app for analysis;

discovering, by the security instrumentation system, one or more user interface elements provided by the native app;

interrogating, by the security instrumentation system, the one or more user interface elements provided by the native app;

serializing, by the security instrumentation system, the one or more user interface elements of the native app, wherein serializing the one or more user interface elements of the native app comprises provisioning the one or more user interface elements of the native app and generating, using the provisioned one or more user interface elements of the native app, web version interface elements of the native app'"'"'s one or more user interface elements for rendering in a web browser;

causing presentation of the serialized web version interface elements of the native app'"'"'s one or more user interface elements on the web browser;

recording, by the security instrumentation system, a user interaction with the web version interface elements in the web browser; and

causing injection of the user interaction with the web version interface elements into the native app.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses disclosed herein for improved mobile app security testing via bridged native and web user interface interaction. In one example embodiment, a method is provided comprising receiving, by a security instrumentation system, an app for analysis, and discovering, by the security instrumentation system, one or more user interface elements provided by the app. Thereafter, interrogating, by the security instrumentation system, the one or more user interface elements provided by the app and serializing, by the security instrumentation system, the one or more user interface elements. In some embodiments, after serializing the one or more user interface elements, causing presentation of the serialized one or more interface elements via a web browser.

Citations

17 Claims

1. A method for improved app security testing using a security instrumentation system, the method comprising:
- receiving, by the security instrumentation system, a native app for analysis;
  
  discovering, by the security instrumentation system, one or more user interface elements provided by the native app;
  
  interrogating, by the security instrumentation system, the one or more user interface elements provided by the native app;
  
  serializing, by the security instrumentation system, the one or more user interface elements of the native app, wherein serializing the one or more user interface elements of the native app comprises provisioning the one or more user interface elements of the native app and generating, using the provisioned one or more user interface elements of the native app, web version interface elements of the native app'"'"'s one or more user interface elements for rendering in a web browser;
  
  causing presentation of the serialized web version interface elements of the native app'"'"'s one or more user interface elements on the web browser;
  
  recording, by the security instrumentation system, a user interaction with the web version interface elements in the web browser; and
  
  causing injection of the user interaction with the web version interface elements into the native app.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein discovering the one or more user interface elements provided by the native app comprises:
    - traversing an object hierarchy of the native app to discover a set of potential user interface elements;
      
      querying whether each potential user interface element in the set of potential user interface elements supports an event or exhibits a behavior; and
      
      enumerating, based on the query, a subset of potential user interface elements that support an event or exhibit a behavior, wherein the subset comprises the one or more user interface elements.
  - 3. The method of claim 1, wherein interrogating the one or more user interface elements provided by the native app comprises accessing one or more text values of the one or more user interface elements.
  - 4. The method of claim 1, further comprising:
    - receiving an indication of an occurrence of an event or behavior that initiates an operation from the native app; and
      
      relaying the event or behavior to an interactivity mediator service, the interactivity mediator service is a rendezvous point for handling one or more sessions associated with the web browser.
  - 5. The method of claim 4, wherein the one or more sessions associated with the web browser remain active when the web browser is disconnected.
  - 6. The method of claim 4, wherein the one or more sessions associated with the web browser provide a real-time display of the interaction with the one or more user interface elements on the native app alongside the presentation of the web version interface elements in the web browser.

7. An apparatus comprising at least one processor and at least one memory including computer program instructions, the at least one memory and the computer program instructions configured to, with the at least one processor, cause the apparatus at least to:
- receive, by a security instrumentation system, a native app for analysis;
  
  discover, by the security instrumentation system, one or more user interface elements provided by the native app;
  
  interrogate, by the security instrumentation system, the one or more user interface elements provided by the native app;
  
  serialize, by the security instrumentation system, the one or more user interface elements of the native app, wherein serializing the one or more user interface elements of the native app comprises provisioning the one or more user interface elements of the native app and generating, using the provisioned one or more user interface elements of the native app, web version interface elements of the native app'"'"'s one or more user interface elements for rendering in a web browser;
  
  cause presentation of the serialized web version interface elements of the native app'"'"'s one or more user interface elements on the web browser;
  
  record, by the security instrumentation system, a user interaction with the web version interface elements in the web browser; and
  
  cause injection of the user interaction with the web version interface elements into the native app.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, wherein discovering the one or more user interface elements provided by the native app comprises:
    - traversing an object hierarchy of the native app to discover a set of potential user interface elements;
      
      querying whether each potential user interface element in the set of potential user interface elements supports an event or exhibits a behavior; and
      
      enumerating, based on the query, a subset of potential user interface elements that support an event or exhibit a behavior, wherein the subset comprises the one or more user interface elements.
  - 9. The apparatus of claim 7, wherein interrogating the one or more user interface elements provided by the native app comprises accessing one or more text values of the one or more user interface elements.
  - 10. The apparatus of claim 7, further comprising the at least one memory and the computer program instructions configured to, with the at least one processor, further cause the apparatus to:
    - receive an indication of an occurrence of an event or behavior that initiates an operation from the native app; and
      
      relay the event or behavior to an interactivity mediator service, the interactivity mediator service is a rendezvous point for handling one or more sessions associated with the web browser.
  - 11. The apparatus of claim 10, wherein the one or more sessions associated with the web browser remain active when the web browser is disconnected.
  - 12. The apparatus of claim 10, wherein the one or more sessions associated with the web browser provide a real-time display of the interaction with the one or more user interface elements on the native app alongside the presentation of the web version interface elements in the web browser.

13. A computer program product comprising at least one non-transitory computer-readable storage medium bearing computer program instructions embodied therein for use with a computer, the computer program instructions comprising program instructions configured to cause the computer to:
- receive, by a security instrumentation system, a native app for analysis;
  
  discover, by the security instrumentation system, one or more user interface elements provided by the native app;
  
  interrogate, by the security instrumentation system, the one or more user interface elements provided by the native app;
  
  serialize, by the security instrumentation system, the one or more user interface elements of the native app, wherein serializing the one or more user interface elements of the native app comprises provisioning the one or more user interface elements of the native app and generating, using the provisioned one or more user interface elements of the native app, web version interface elements of the native app'"'"'s one or more user interface elements for rendering in a web browser;
  
  cause presentation of the serialized web version interface elements of the native app'"'"'s one or more user interface elements on the web browser;
  
  record, by the security instrumentation system, a user interaction with the web version interface elements in the web browser; and
  
  cause injection of the user interaction with the web version interface elements into the native app.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein discovering the one or more user interface elements provided by the native app comprises:
    - traversing an object hierarchy of the native app to discover a set of potential user interface elements;
      
      querying whether each potential user interface element in the set of potential user interface elements supports an event or exhibits a behavior; and
      
      enumerating, based on the query, a subset of potential user interface elements that support an event or exhibit a behavior, wherein the subset comprises the one or more user interface elements.
  - 15. The computer program product of claim 13, wherein interrogating the one or more user interface elements provided by the native app comprises accessing one or more text values of the one or more user interface elements.
  - 16. The computer program product of claim 13, further comprising program instructions configured to cause the computer to:
    - receive an indication of an occurrence of an event or behavior that initiates an operation from the native app; and
      
      relay the event or behavior to an interactivity mediator service, the interactivity mediator service is a rendezvous point for handling one or more sessions associated with the web browser.
  - 17. The computer program product of claim 16, wherein the one or more sessions associated with the web browser remain active when the web browser is disconnected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Viaforensics, LLC
Original Assignee
Viaforensics, LLC
Inventors
Weinstein, David, Ravnas, Ole Andre Vadla, Kristensen, Erik
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Peiliang

Application Number

US15/646,741
Publication Number

US 20190020673A1
Time in Patent Office

1,120 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 3/0481   based on specific propertie...

H04L 63/1433   Vulnerability analysis

H04L 67/02   based on web technology, e....

H04L 67/125   involving control of end-de...

H04L 67/14   Session management for real...

H04L 67/535   Tracking the activity of th...

H04W 12/37   Managing security policies ...

Methods and apparatuses for improved mobile app security testing via bridged native and web user interface interaction

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatuses for improved mobile app security testing via bridged native and web user interface interaction

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links