The Web undertook a progressive conceptual switch from a mesh of interconnected documents to an application distribution platform. In parallel, smartphones and tablets changed the way people consume Web content. With Web apps being ubiquitous, mobile platforms are introducing new mechanisms to integrate Web content into the operating system: in addition to apps embedding browsers, cross-platform apps can be developed using Web frameworks with little to no app development experience. At the same time, powerful Web APIs are in development to close the gap between Web and native apps.

The security and privacy implications of this ongoing transformation have yet to be explored. In particular, the security analysis is hampered by the fast-changing nature of Web and mobile platforms and the contrasting evolution of functionalities across different OSes and browsers. Previous work mainly focused on security and privacy issues affecting either websites or mobile apps in isolation.

We propose to develop a unified framework that will enable us to rigorously evaluate the security implications of the intersection between Web and mobile platforms. We plan to shed light on new ways that Web and mobile apps can interact with each other and how these interactions could potentially lead to security and privacy issues. We will conduct large-scale measurements to confirm the impact of our findings, and we will propose remediation strategies for the emerging mechanisms analyzed.