A Secure Bridge-Based Execution Architecture for Hybrid Mobile Applications
DOI:
https://doi.org/10.15662/IJRAI.2023.0601007Keywords:
Hybrid Mobile Architecture, Secure JavaScript Bridges, Execution Models, Enterprise-Scale Mobile Systems, Native–Web Interoperability, Runtime Orchestration, Cross-Platform Mobile Platforms, Secure Mobile Engineering, WebView ArchitectureAbstract
The hybrid mobile platforms which incorporate the web applications inside containers of the native environment are characterized by important benefits in terms of developing efficiency and cross-platform consistency; however, they also introduce complicated issues of security, runtime coordination, state synchronization, and scale performance. This article outlines a safe bridge-based execution framework that is aimed at dealing with these issues in the hybrid mobile systems of the enterprise scale. The proposed model establishes a formalized communication layer between native mobile runtimes and integrated web systems that allows one to have controlled bi-directional interaction to achieve authentication, session management, deep linking, analytics, and integrations in the device layer.
The article discusses structural design concepts of safe JavaScript bridge architecture, host isolation, and orchestration at an event so as to avoid unauthorized access and predictable execution behavior. It also looks at the methods of using common application state between native and web layers and still achieve data integrity, performance, and fault tolerance in memory-restricted mobile applications. Deliveries of production into large-scale, publicly accessible platforms show that this model of execution minimizes fragmentation of the platform, increases the speed of release and reliability without reducing the security or accessibility. The results make secure bridge-based execution one of the base architecture patterns to create scalable and resilient hybrid mobile platforms in regulated and controlled digital ecosystems in the enterprise.
References
1. Android Developers, “WebView – Native bridges | Security,” Android Developers, 2021. [Online]. Available: https://developer.android.com/privacy-and-security/risks/insecure-webview-native-bridges
2. Deloitte Digital, “Hybrid Mobile App Security,” Deloitte Insights, 2022. [Online]. Available: https://www.deloittedigital.com/mt/en/insights/2023/hybrid-mobile-app-security.html
3. Distrito Telefónica, “Development of Hybrid Applications in WebView – Part 1,” Telefónica Engineering Blog, 2022. [Online]. Available: https://hub.telefonica.com/en/engineering/webview-based-hybrid-application-development-at-telefonica-tips-and-best-practices
4. YesITLabs, “Security Best Practices for Hybrid App Development: Protecting Your Data and Users,” 2022. [Online]. Available: https://www.yesitlabs.com/security-best-practices-for-hybrid-app-development-protecting-your-data-and-users/
5. IJCTT Journal, “WebView Security Best Practices,” International Journal of Computer Trends & Technology, Dec. 2022. [Online]. Available: https://ijcttjournal.org/archives/ijctt-v72i12p121
6. Xebia, “A Primer on Hybrid Mobile Applications,” Xebia Blog, 2015. [Online]. Available: https://xebia.com/blog/a-primer-on-hybrid-mobile-applications/
7. OWASP, “OWASP Mobile Top 10,” OWASP, 2022. [Online]. Available: https://owasp.org/www-project-mobile-top-10/
8. Red Sentry, “Understanding WebView Vulnerabilities in Android Apps,” RedSentry Blog, 2022. [Online]. Available: https://redsentry.com/resources/blog/understanding-webview-vulnerabilities-in-android-apps
9. LogicalHacking, “The Security Risks of Hybrid Mobile Apps,” LogicalHacking Blog, 2017. [Online]. Available: https://logicalhacking.com/blog/2017/05/12/owasp-appseceu-hybrid/
10. AppMaster, “Frameworks for Building Hybrid Mobile Apps,” AppMaster Blog, 2022. [Online]. Available: https://appmaster.io/blog/frameworks-for-building-hybrid-mobile-apps
