Overview
In this IEEE conference talk, explore the vulnerabilities in Android's user interface that can lead to deception and phishing attacks. Delve into a detailed analysis of how users can be misled into misidentifying apps, potentially exposing sensitive information to malicious actors. Discover various attack vectors, including novel techniques like non-escapable full-screen overlays, that exploit limitations in Android's GUI. Learn about a two-layer defense system developed to combat these threats, comprising a market-level detection tool using static analysis and an on-device security indicator in the system navigation bar. Examine the results of a user study involving 308 participants, demonstrating the effectiveness of the proposed countermeasures in significantly improving users' ability to detect GUI-based attacks on Android devices.
Syllabus
What the App is That? Deception and Countermeasures in the Android User Interface
Taught by
IEEE Symposium on Security and Privacy