FCDroid (Frame Confusion Android) is a tool to detect automatically the Frame Confusion vulnerability in Android hybrid apps.

Frame Confusion is a vulnerability affecting hybrid applications which allows circumventing the isolation granted by the Same-Origin Policy. The detection of such vulnerability is still carried out manually by application developers, but the process is error-prone and often underestimated. In this article, we propose a sound and complete methodology to detect the Frame Confusion on Android as well as a publicly-released tool (i.e., FCDroid) which implements such methodology and allows to detect the Frame Confusion in hybrid applications, automatically. We also make public the results obtained by analyzing 50K apps using FCDroid, which have revealed that many hybrid applications suffer from Frame Confusion.

Demo and Results

if you want to see the tool in action and see the full experimental results please visit FCDroid.