Detecting Overlay Attacks in Android
Abstract
Overlay attacks have long been a significant security concern affecting Android devices. Despite Android touch prevention mechanisms for external apps, internal apps and those sharing the same userID remain susceptible. Contrary to Android's claims, devices continue to exhibit background toasts opening an opportunity window for these overlay attacks and posing a threat to browser apps and webview activities within the same app. We propose a detection approach that leverages a blend of static detection and activity behavior analysis. Our detection approach enhances Android device security by addressing overlay vulnerabilities and their potential impact on user privacy and data security.
References
[1]
A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, G. Vigna, What the App is That? Deception and Countermeasures in the Android User Interface, in: 2015 IEEE Symposium On Security And Privacy, 2015, pp. 931–948.
[2]
Y. Fratantonio, C. Qian, S. Chung, W. Lee, Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop, in: 2017 IEEE Symposium On Security And Privacy (SP), 2017, pp. 1041–1057.
[3]
E. Alepis, C. Patsakis, Trapped by The UI: The Android Case, in: Research In Attacks, Intrusions, And Defenses: 20th International Symposium, RAID 2017, , Atlanta, GA, USA, 2017, pp. 334–354. September 18–20, 2017, Proceedings.
[4]
L. Wu, B. Brandt, X. Du, B. Ji, Analysis of Clickjacking Attacks and An Effective Defense Scheme for Android Devices, in: 2016 IEEE Conference On Communications And Network Security (CNS), 2016, pp. 55–63.
[5]
S. Wang, Z. Ling, Y. Zhang, R. Liu, J. Kraunelis, K. Jia, B. Pearson, X. Fu, Implication of Animation on Android Security, in: 2022 IEEE 42nd International Conference On Distributed Computing Systems (ICDCS), 2022, pp. 1122–1132.
[6]
Y. Yan, Z. Li, Q. Chen, C. Wilson, T. Xu, E. Zhai, Y. Li, Y. Liu, Understanding and Detecting Overlay-based Android Malware at Market Scales, in: Proceedings Of The 17th Annual International Conference On Mobile Systems, Applications, And Services, 2019, pp. 168–179.
[7]
E. Fernandes, Q. Chen, J. Paupore, G. Essl, J. Halderman, Z. Mao, A. Prakash, Android UI Deception Revisited: Attacks and Defenses, Financial Cryptography And Data Security (2017) 41–59.
[8]
M. Tang, M. Luo, J. Zhou, Z. Yang, Z. Guo, F. Yan, L Liu, Side-Channel Attacks in a Real Scenario, Tsinghua Science And Technology 23 (2018) 586–598.
[9]
T. Luo, X. Jin, A. Ananthanarayanan, W. Du, Touchjacking Attacks on Web in Android, iOS, and Windows Phone, International Symposium On Foundations And Practice Of Security (2012) 227–243.
[10]
Skylot JADX: Dex to Java Decompiler. (https://github.com/skylot/jadx,2023)
[11]
Eugene Android API Levels. (https://apilevels.com/,2023)
[12]
Y. Qiu, Tapjacking: An Untapped Threat in Android, Trend Micro (2012) Available http://blog.Trendmicro.com/trendlabs-security-intelligence/tapjacking-an-untapped-threat-inandroid /[7.12.2016].
[13]
M. Hussain, A. Al-Haiqi, A. Zaidan, B. Zaidan, M. Kiah, N. Anuar, M. Abdulnabi, The Rise of Keyloggers on Smartphones: A Survey and Insight into Motion-based Tap Inference Attacks, Pervasive And Mobile Computing 25 (2016) 1–25.
[14]
S. Dass, P. Datta, A. Namin, Attack Prediction using Hidden Markov Model, in: 2021 IEEE 45th Annual Computers, Software, And Applications Conference (COMPSAC), 2021, pp. 1695–1702.
[15]
Google Behavior changes: All Apps. (https://developer.android.com/about/versions/12/behavior-changes-all#untrusted-touch-events,2023)
[16]
M. Niemietz, J. Schwenk, UI Redressing Attacks on Android Devices, Black Hat Abu Dhabi (2012).
[17]
A. Kar, N. Stakhanova, Exploiting Android Browser, in: International Conference on Cryptology and Network Security, 2023.
[18]
A. Felt, M. Finifter, E. Chin, S. Hanna, D. Wagner, A Survey of Mobile Malware in The Wild, in: Proceedings Of The 1st ACM Workshop On Security And Privacy In Smartphones And Mobile Devices, 2011, pp. 3–14.
[19]
P. Faruki, A. Bharmal, V. Laxmi, V. Ganmoor, M. Gaur, M. Conti, M. Rajarajan, Android Security: A Survey of Issues, Malware Penetration, and Defenses, IEEE Communications Surveys & Tutorials 17 (2014) 998–1022.
[20]
A. Possemato, A. Lanzi, S. Chung, W. Lee, Y. Fratantonio, Clickshield: Are You Hiding Something? Towards Eradicating Clickjacking on Android, in: Proceedings Of The 2018 ACM SIGSAC Conference On Computer And Communications Security, 2018, pp. 1120–1136.
Recommendations
HybriDroid: static analysis framework for Android hybrid applications
ASE '16: Proceedings of the 31st IEEE/ACM International Conference on Automated Software EngineeringMobile applications (apps) have long invaded the realm of desktop apps, and hybrid apps become a promising solution for supporting multiple mobile platforms. Providing both platform-specific functionalities via native code like native apps and user ...
COVERT: Compositional Analysis of Android Inter-App Permission Leakage
Android is the most popular platform for mobile devices. It facilitates sharing of data and services among applications using a rich inter-app communication system. While access to resources can be controlled by the Android permission system, enforcing ...
Android: Changing the Mobile Landscape
The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...
Comments
Information & Contributors
Information
Published In
The Author(s).
Publisher
Elsevier Science Publishers B. V.
Netherlands
Publication History
Published: 12 April 2024
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 15 Sep 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in