Abstract
Smartphones have become ubiquitous in today's digital world as a mobile platform allowing anytime access to email, social platforms, banking, and shopping. Many providers supply native applications as a method to access their services, allowing users to log in directly through a downloadable app. In this paper, we first expose a security vulnerability in the Android framework that allows third-party apps to spoof native app activities, or screens. This can lead to a wide variety of security risks, including the capture and silent exfiltration of login credentials and private data. We then compare current defense mechanisms and introduce the concept of Trusted Activity Chains as a lightweight protection against common spoofing attacks. We develop a proof-of-concept implementation and evaluate its effectiveness and performance overhead. © 2014 Springer International Publishing.
Cite
Cooley, B., Wang, H., & Stavrou, A. (2014). Activity spoofing and its defense in android smartphones. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8479 LNCS, pp. 494–512). Springer Verlag. https://doi.org/10.1007/978-3-319-07536-5_29