Explore the vulnerabilities in Android's user interface that can lead to deception and phishing attacks in this IEEE conference talk. Delve into a detailed analysis of how users can be misled into misidentifying apps, potentially exposing sensitive information to malicious actors. Discover various attack vectors, including novel techniques like non-escapable full screen overlays, that exploit limitations in Android's GUI. Learn about a two-layer defense system developed to combat these threats, comprising a market-level detection tool using static analysis and an on-device security indicator in the system navigation bar. Examine the results of a user study involving 308 participants, demonstrating the effectiveness of the proposed countermeasures in significantly improving users' ability to detect GUI-based attacks on Android devices.
What the App is That? Deception and Countermeasures in the Android User Interface
Overview
Syllabus
What the App is That? Deception and Countermeasures in the Android User Interface
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
-
Click and Dagger - Denial and Deception on Android Smartphones
-
Trust, But Verify - A Longitudinal Analysis Of Android OEM Compliance and Customization
-
Happer - Unpacking Android Apps via a Hardware-Assisted Approach
-
PhishFarm - A Scalable Framework for Measuring the Effectiveness of Evasion Techniques Against Browser Phishing Blacklists
-
If HTTPS Were Secure I Wouldn't Need 2FA - End User and Administrator Mental Models of HTTPS
-
The Rise of the Citizen Developer - Assessing the Security Impact of Online App Generators
