- Pins the WebApp to the domain in the URL, each such NativeWrapped app has a separate cookie store, preventing cross-site attacks.
- SSL Pinning support.
- Integrates with the HTTPSEverywhere ruleset to provide support for forcing HTTPS on WebApps.
1. Visit the desired URL in a Web browser on the device.
2. Use browser options to "SHARE" the page/URL.
3. Select NativeWrap from the list of options in the Chooser.
4. Customize the target app name & permissions.
5. Choose the "Common origin" option to allow apps with the same second level subdomain (i.e. "google.com" in "accounts.google.com" & "mail.google.com") to operate in the target app.
6. Select "Make APK".
IMPORTANT SECURITY NOTE: When "wrapping" a URL, the "Unknown Sources" security setting must be enabled. The UI will navigate you to the settings page. Immediately disable "Unknown Sources" after wrapping the URL.
Compatibility with Lollipop: There is a particular bug in Lollipop that causes NativeWrap to not work. It was fixed in the source, but users will have to wait till the next update till the patch reaches their devices, and NativeWrap starts to work. More information here: https://android-review.googlesource.com/#/c/113704/
- NativeWrap only requires the INTERNET permission, to update the HTTPSEverywhere ruleset.
NativeWrap currently allows the user to customize a limited set of permissions for target apps, since our primary goal is to provide a privacy preserving alternative to highly overprivileged apps. Find more about NativeWrap here: http://research.csc.ncsu.edu/security/nativewrap
This app has access to :