<html xmlns="http://www.w3.org/1999/xhtml"><head><meta charset="utf-8"><meta name="generator" content="pdf2htmlEX"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><link rel="stylesheet" href="https://csdnimg.cn/release/download_crawler_static/css/base.min.css"><link rel="stylesheet" href="https://csdnimg.cn/release/download_crawler_static/css/fancy.min.css"><link rel="stylesheet" href="https://csdnimg.cn/release/download_crawler_static/12728047/raw.css"><script src="https://csdnimg.cn/release/download_crawler_static/js/compatibility.min.js"></script><script src="https://csdnimg.cn/release/download_crawler_static/js/pdf2htmlEX.min.js"></script><script>try{pdf2htmlEX.defaultViewer = new pdf2htmlEX.Viewer({});}catch(e){}</script><title></title></head><body><div id="sidebar" style="display: none"><div id="outline"></div></div><div id="pf1" class="pf w0 h0" data-page-no="1"><div class="pc pc1 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://csdnimg.cn/release/download_crawler_static/12728047/bg1.jpg"><div class="t m0 x1 h2 y1 ff1 fs0 fc0 sc0 ls0 ws0">ClickShield:<span class="_"> </span>Are<span class="_"> </span>Y<span class="_ _0"></span>ou<span class="_"> </span>Hiding<span class="_"> </span>Something?</div><div class="t m0 x2 h2 y2 ff1 fs0 fc0 sc0 ls0 ws0">T<span class="_ _1"></span>owar<span class="_ _2"></span>ds<span class="_"> </span>Eradicating<span class="_"> </span>Clickjacking<span class="_"> </span>on<span class="_"> </span>Android</div><div class="t m0 x3 h3 y3 ff2 fs1 fc0 sc0 ls0 ws0">Andrea<span class="_"> </span>Possemato</div><div class="t m0 x4 h4 y4 ff2 fs2 fc0 sc0 ls0 ws0">EURECOM,<span class="_"> </span>France</div><div class="t m0 x5 h4 y5 ff2 fs2 fc0 sc0 ls0 ws0">andrea.possemato@gmail.com</div><div class="t m0 x6 h3 y3 ff2 fs1 fc0 sc0 ls0 ws0">Andrea<span class="_"> </span>Lanzi</div><div class="t m1 x7 h4 y4 ff2 fs2 fc0 sc0 ls0 ws0">Universita’<span class="_"> </span>degli<span class="_"> </span>Studi<span class="_"> 
</span>di<span class="_"> </span>Milano,<span class="_"> </span>Italy</div><div class="t m0 x8 h4 y5 ff2 fs2 fc0 sc0 ls0 ws0">andrea.lanzi@unimi.it</div><div class="t m0 x9 h3 y3 ff2 fs1 fc0 sc0 ls0 ws0">Simon<span class="_"> </span>Pak<span class="_"> </span>Ho<span class="_"> </span>Chung</div><div class="t m0 xa h4 y4 ff2 fs2 fc0 sc0 ls0 ws0">Georgia<span class="_"> </span>Institute<span class="_"> </span>of<span class="_"> </span>T<span class="_ _3"></span>echnology<span class="_ _3"></span>,<span class="_"> </span>USA</div><div class="t m0 xb h4 y5 ff2 fs2 fc0 sc0 ls0 ws0">pchung34@mail.gatech.edu</div><div class="t m0 xc h3 y6 ff2 fs1 fc0 sc0 ls0 ws0">W<span class="_ _1"></span>enke<span class="_"> </span>Lee</div><div class="t m0 x1 h4 y7 ff2 fs2 fc0 sc0 ls0 ws0">Georgia<span class="_"> </span>Institute<span class="_"> </span>of<span class="_"> </span>T<span class="_ _3"></span>echnology<span class="_ _3"></span>,<span class="_"> </span>USA</div><div class="t m0 xd h4 y8 ff2 fs2 fc0 sc0 ls0 ws0">wenke.lee@gmail.com</div><div class="t m0 xe h3 y6 ff2 fs1 fc0 sc0 ls0 ws0">Y<span class="_ _3"></span>anick<span class="_"> </span>Fratantonio</div><div class="t m0 xf h4 y7 ff2 fs2 fc0 sc0 ls0 ws0">EURECOM,<span class="_"> </span>France</div><div class="t m0 x10 h4 y8 ff2 fs2 fc0 sc0 ls0 ws0">yanick.fratantonio@eurecom.fr</div><div class="t m0 x11 h5 y9 ff3 fs3 fc0 sc0 ls0 ws0">ABSTRA<span class="_ _3"></span>CT</div><div class="t m2 x11 h6 ya ff2 fs4 fc0 sc0 ls0 ws0">In<span class="_"> </span>the<span class="_"> </span>context<span class="_"> </span>of<span class="_"> </span>mobile-based<span class="_"> </span>user-interface<span class="_"> </span>(<span class="_ _4"></span>UI)<span class="_"> </span>attacks,<span class="_"> </span>the<span class="_"> </span>com-</div><div class="t m3 x11 h6 yb ff2 fs4 fc0 sc0 ls0 ws0">mon<span class="_"> </span>belief<span class="_"> </span>is<span class="_"> </span>that<span class="_ _5"> </span><span 
class="ff4">clickjacking<span class="_ _5"> </span></span>is<span class="_"> </span>a<span class="_"> </span>solved<span class="_ _5"> </span>problem.<span class="_"> </span>On<span class="_"> </span>the<span class="_"> </span>contrary<span class="_ _3"></span>,</div><div class="t m4 x11 h6 yc ff2 fs4 fc0 sc0 ls0 ws0">this<span class="_"> </span>paper<span class="_"> </span>shows<span class="_"> </span>that<span class="_"> </span>clickjacking<span class="_"> </span>is<span class="_"> </span>still<span class="_"> </span>an<span class="_"> </span>open<span class="_"> </span>problem<span class="_"> </span>for<span class="_"> </span>mo-</div><div class="t m3 x11 h6 yd ff2 fs4 fc0 sc0 ls0 ws0">bile<span class="_"> </span>devices.<span class="_"> </span>In<span class="_"> </span>fact,<span class="_"> </span>all<span class="_"> </span>known<span class="_"> </span>academic<span class="_"> </span>and<span class="_"> </span>industr<span class="_ _4"></span>y<span class="_"> </span>solutions<span class="_"> </span>are</div><div class="t m3 x11 h6 ye ff2 fs4 fc0 sc0 ls0 ws0">either<span class="_"> </span>not<span class="_ _6"> </span>effective<span class="_"> </span>or<span class="_ _6"> </span>not<span class="_"> </span>applicable<span class="_ _6"> </span>in<span class="_"> </span>the<span class="_ _6"> </span>real-world<span class="_ _6"> </span>for<span class="_"> </span>backward</div><div class="t m5 x11 h6 yf ff2 fs4 fc0 sc0 ls0 ws0">compatibility<span class="_ _7"> </span>reasons.<span class="_ _7"> </span>This<span class="_ _7"> </span>work<span class="_ _7"> </span>shows<span class="_ _5"> </span>that,<span class="_ _7"> </span>as<span class="_ _7"> </span>a<span class="_ _7"> </span>conse<span class="_ _4"></span>quence,</div><div class="t m6 x11 h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">even<span class="_"> </span>popular<span class="_"> </span>and<span class="_"> </span>sensitive<span class="_"> </span>apps<span class="_"> </span>like<span class="_"> </span>Google<span 
class="_"> </span>Play<span class="_"> </span>Store<span class="_"> </span>remain,<span class="_"> </span>to</div><div class="t m0 x11 h6 y11 ff2 fs4 fc0 sc0 ls0 ws0">date,<span class="_"> </span>completely<span class="_"> </span>unprotected<span class="_"> </span>from<span class="_"> </span>clickjacking<span class="_"> </span>attacks.</div><div class="t m3 x12 h6 y12 ff2 fs4 fc0 sc0 ls0 ws0">After<span class="_ _6"> </span>gathering<span class="_ _8"> </span>insights<span class="_ _8"> </span>into<span class="_ _6"> </span>how<span class="_ _8"> </span>apps<span class="_ _6"> </span>use<span class="_ _8"> </span>the<span class="_ _6"> </span>user<span class="_ _8"> </span>interface,<span class="_ _8"> </span>this</div><div class="t m7 x11 h6 y13 ff2 fs4 fc0 sc0 ls0 ws0">work<span class="_"> </span>performs<span class="_"> </span>a<span class="_"> </span>systematic<span class="_"> </span>exploration<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>design<span class="_"> </span>space<span class="_"> </span>for<span class="_"> </span>an</div><div class="t m8 x11 h6 y14 ff2 fs4 fc0 sc0 ls0 ws0">effective<span class="_"> </span>and<span class="_"> </span>practical<span class="_"> </span>protection<span class="_"> </span>against<span class="_"> </span>clickjacking<span class="_"> </span>attacks.<span class="_"> </span>W<span class="_ _1"></span>e</div><div class="t m3 x11 h6 y15 ff2 fs4 fc0 sc0 ls0 ws0">then<span class="_ _6"> </span>use<span class="_ _6"> </span>this<span class="_ _6"> </span>exploration<span class="_ _6"> </span>to<span class="_"> </span>guide<span class="_ _8"> </span>the<span class="_"> </span>design<span class="_ _8"> </span>of<span class="_ _7"> </span><span class="ff5">ClickShield</span>,<span class="_ _6"> </span>a<span class="_ _6"> </span>new</div><div class="t m5 x11 h6 y16 ff2 fs4 fc0 sc0 ls0 ws0">defensive<span class="_"> </span>mechanism.<span class="_"> </span>T<span class="_ _3"></span>o<span class="_"> 
</span>address<span class="_"> </span>backward<span class="_"> </span>compatibility<span class="_"> </span>issues,</div><div class="t m9 x11 h6 y17 ff2 fs4 fc0 sc0 ls0 ws0">our<span class="_"> </span>design<span class="_"> </span>allows<span class="_"> </span>for<span class="_"> </span>overlays<span class="_"> </span>to<span class="_"> </span>cov<span class="_ _2"></span>er<span class="_"> </span>the<span class="_"> </span>screen,<span class="_"> </span>and<span class="_"> </span>we<span class="_"> </span>employ</div><div class="t ma x11 h6 y18 ff2 fs4 fc0 sc0 ls0 ws0">image<span class="_"> </span>analysis<span class="_"> </span>techniques<span class="_"> </span>to<span class="_"> </span>determine<span class="_"> </span>whether<span class="_"> </span>the<span class="_ _5"> </span>user<span class="_"> </span>could<span class="_"> </span>be</div><div class="t m5 x11 h6 y19 ff2 fs4 fc0 sc0 ls0 ws0">confused.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>have<span class="_"> </span>implemented<span class="_"> </span>a<span class="_"> </span>prototype<span class="_"> </span>and<span class="_"> </span>we<span class="_"> </span>have<span class="_"> </span>tested</div><div class="t mb x11 h6 y1a ff2 fs4 fc0 sc0 ls0 ws0">it<span class="_"> </span>against<span class="_"> </span><span class="ff5">ClickBench</span>,<span class="_"> </span>a<span class="_"> </span>newly<span class="_"> </span>developed<span class="_"> </span>benchmark<span class="_"> </span>spe<span class="_ _4"></span>cifically</div><div class="t m3 x11 h6 y1b ff2 fs4 fc0 sc0 ls0 ws0">tailored<span class="_ _6"> </span>to<span class="_"> </span>stress-test<span class="_ _6"> </span>clickjacking<span class="_ _6"> </span>protection<span class="_"> </span>solutions.<span class="_ _6"> </span>This<span class="_"> </span>dataset</div><div class="t m5 x11 h6 y1c ff2 fs4 fc0 sc0 ls0 ws0">is<span class="_ _9"> </span>constituted<span class="_ _9"> </span>by<span class="_ _9"> 
</span>104<span class="_ _9"> </span>test<span class="_ _9"> </span>cases,<span class="_ _9"> </span>and<span class="_ _9"> </span>it<span class="_ _9"> </span>includes<span class="_ _9"> </span>real-world<span class="_ _7"> </span>and</div><div class="t m2 x11 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">simulated<span class="_"> </span>benign<span class="_"> </span>and<span class="_"> </span>malicious<span class="_ _5"> </span>examples<span class="_"> </span>that<span class="_"> </span>evaluate<span class="_"> </span>the<span class="_"> </span>system</div><div class="t m7 x11 h6 y1e ff2 fs4 fc0 sc0 ls0 ws0">across<span class="_"> </span>a<span class="_"> </span>wide<span class="_"> </span>range<span class="_"> </span>of<span class="_"> </span>legitimate<span class="_"> </span>and<span class="_"> </span>attack<span class="_"> </span>scenarios.<span class="_"> </span>The<span class="_"> </span>results</div><div class="t m5 x11 h6 y1f ff2 fs4 fc0 sc0 ls0 ws0">show<span class="_ _5"> </span>that<span class="_ _7"> </span>our<span class="_ _5"> </span>system<span class="_ _5"> </span>is<span class="_ _7"> </span>able<span class="_ _5"> </span>to<span class="_ _5"> </span>address<span class="_ _7"> </span>backward<span class="_"> </span>compatibility</div><div class="t m3 x11 h6 y20 ff2 fs4 fc0 sc0 ls0 ws0">concerns,<span class="_ _8"> </span>to<span class="_ _6"> </span>detect<span class="_ _8"> </span>all<span class="_ _6"> </span>known<span class="_ _8"> </span>attacks<span class="_ _6"> </span>(including<span class="_ _8"> </span>a<span class="_ _6"> </span>never-seen-before</div><div class="t m5 x11 h6 y21 ff2 fs4 fc0 sc0 ls0 ws0">real-world<span class="_"> </span>malware<span class="_"> </span>that<span class="_ _5"> </span>was<span class="_"> </span>publishe<span class="_ _4"></span>d<span class="_"> </span>after<span class="_ _5"> </span>we<span class="_"> </span>have<span class="_"> </span>developed</div><div class="t m0 x11 h6 y22 ff2 fs4 fc0 sc0 ls0 ws0">our<span 
class="_"> </span>solution),<span class="_"> </span>and<span class="_"> </span>it<span class="_"> </span>introduces<span class="_"> </span>a<span class="_"> </span>negligible<span class="_"> </span>overhead.</div><div class="t m0 x11 h7 y23 ff3 fs5 fc0 sc0 ls0 ws0">A<span class="_ _2"></span>CM<span class="_ _6"> </span>Reference<span class="_ _6"> </span>Format:</div><div class="t m3 x11 h8 y24 ff2 fs5 fc0 sc0 ls0 ws0">Andrea<span class="_ _8"> </span>Possemato<span class="_ _3"></span>,<span class="_ _8"> </span>Andrea<span class="_ _8"> </span>Lanzi,<span class="_ _a"> </span>Simon<span class="_ _a"> </span>Pak<span class="_ _8"> </span>Ho<span class="_ _a"> </span>Chung,<span class="_ _8"> </span>W<span class="_ _3"></span>enke<span class="_ _a"> </span>Lee,<span class="_ _8"> </span>and<span class="_ _a"> </span>Y<span class="_ _3"></span>an-</div><div class="t m5 x11 h8 y25 ff2 fs5 fc0 sc0 ls0 ws0">ick<span class="_"> </span>Fratantonio.<span class="_ _5"> </span>2018.<span class="_"> </span>ClickShield:<span class="_ _5"> </span>Are<span class="_"> </span>Y<span class="_ _3"></span>ou<span class="_"> </span>Hiding<span class="_ _5"> </span>Something?<span class="_"> </span>T<span class="_ _3"></span>owards</div><div class="t m5 x11 h8 y26 ff2 fs5 fc0 sc0 ls0 ws0">Eradicating<span class="_ _7"> </span>Clickjacking<span class="_ _7"> </span>on<span class="_ _9"> </span>Android.<span class="_ _7"> </span>In<span class="_ _7"> </span><span class="ff4">2018<span class="_ _7"> </span>ACM<span class="_ _7"> </span>SIGSA<span class="_ _3"></span>C<span class="_ _9"> </span>Conference</span></div><div class="t mc x11 h9 y27 ff4 fs5 fc0 sc0 ls0 ws0">on<span class="_ _6"> </span>Computer<span class="_ _6"> </span>and<span class="_ _b"> </span>Communications<span class="_ _6"> </span>Security<span class="_ _b"> </span>(CCS<span class="_ _6"> </span>’18),<span class="_ _6"> </span>October<span class="_ _b"> </span>15–19,<span class="_ _6"> </span>2018,</div><div class="t 
md x11 h8 y28 ff4 fs5 fc0 sc0 ls0 ws0">T<span class="_ _3"></span>oronto,<span class="_ _6"> </span>ON,<span class="_ _6"> </span>Canada.<span class="_ _b"> </span><span class="ff2">ACM,<span class="_"> </span>Ne<span class="_ _2"></span>w<span class="_"> </span>Y<span class="_ _3"></span>ork,<span class="_"> </span>NY,<span class="_"> </span>USA,<span class="_"> </span>17<span class="_"> </span>pages.<span class="_"> </span>https://doi.org/</span></div><div class="t m0 x11 h8 y29 ff2 fs5 fc0 sc0 ls0 ws0">10.1145/3243734.3243785</div><div class="t m5 x11 ha y2a ff2 fs6 fc0 sc0 ls0 ws0">Permission<span class="_"> </span>to<span class="_"> </span>make<span class="_"> </span>digital<span class="_"> </span>or<span class="_"> </span>hard<span class="_"> </span>copies<span class="_"> </span>of<span class="_"> </span>all<span class="_"> </span>or<span class="_"> </span>part<span class="_"> </span>of<span class="_"> </span>this<span class="_"> </span>work<span class="_"> </span>for<span class="_"> </span>personal<span class="_"> </span>or</div><div class="t me x11 ha y2b ff2 fs6 fc0 sc0 ls0 ws0">classroom<span class="_"> </span>use<span class="_"> </span>is<span class="_"> </span>granted<span class="_"> </span>without<span class="_"> </span>fee<span class="_ _6"> </span>provided<span class="_"> </span>that<span class="_"> </span>copies<span class="_"> </span>are<span class="_"> </span>not<span class="_"> </span>made<span class="_"> </span>or<span class="_"> </span>distribute<span class="_ _4"></span>d</div><div class="t m3 x11 ha y2c ff2 fs6 fc0 sc0 ls0 ws0">for<span class="_"> </span>profit<span class="_ _a"> </span>or<span class="_"> </span>commercial<span class="_ _a"> </span>advantage<span class="_"> </span>and<span class="_"> </span>that<span class="_ _a"> </span>copies<span class="_"> </span>bear<span class="_"> </span>this<span class="_"> </span>notice<span class="_ _a"> </span>and<span class="_"> </span>the<span class="_"> </span>full<span 
class="_ _a"> </span>citation</div><div class="t m3 x11 ha y2d ff2 fs6 fc0 sc0 ls0 ws0">on<span class="_"> </span>the<span class="_"> </span>first<span class="_"> </span>page.<span class="_"> </span>Copyrights<span class="_"> </span>for<span class="_"> </span>components<span class="_"> </span>of<span class="_"> </span>this<span class="_"> </span>work<span class="_"> </span>owned<span class="_"> </span>by<span class="_"> </span>others<span class="_"> </span>than<span class="_"> </span>ACM</div><div class="t m3 x11 ha y2e ff2 fs6 fc0 sc0 ls0 ws0">must<span class="_"> </span>be<span class="_ _a"> </span>honored.<span class="_"> </span>Abstracting<span class="_ _8"> </span>with<span class="_ _8"> </span>credit<span class="_ _8"> </span>is<span class="_ _8"> </span>permitted.<span class="_"> </span>T<span class="_ _3"></span>o<span class="_ _a"> </span>copy<span class="_"> </span>otherwise,<span class="_"> </span>or<span class="_ _a"> </span>republish,</div><div class="t m3 x11 ha y2f ff2 fs6 fc0 sc0 ls0 ws0">to<span class="_"> </span>post<span class="_"> </span>on<span class="_"> </span>servers<span class="_"> </span>or<span class="_"> </span>to<span class="_ _8"> </span>redistribute<span class="_"> </span>to<span class="_"> </span>lists,<span class="_"> </span>r<span class="_ _3"></span>e<span class="_ _4"></span>quires<span class="_"> </span>prior<span class="_"> </span>specific<span class="_"> </span>permission<span class="_"> </span>and<span class="_ _4"></span>/or<span class="_"> </span>a</div><div class="t m0 x11 ha y30 ff2 fs6 fc0 sc0 ls0 ws0">fee.<span class="_"> </span>Request<span class="_"> </span>permissions<span class="_"> </span>from<span class="_"> </span>permissions@acm.org.</div><div class="t m0 x11 hb y31 ff4 fs6 fc0 sc0 ls0 ws0">CCS<span class="_ _8"> </span>’18,<span class="_ _6"> </span>October<span class="_ _6"> </span>15–19,<span class="_ _6"> </span>2018,<span class="_ _8"> </span>Tor<span class="_ _2"></span>onto,<span class="_ _8"> 
</span>ON,<span class="_ _6"> </span>Canada</div><div class="t m0 x11 ha y32 ff6 fs6 fc0 sc0 ls0 ws0">©<span class="_ _8"> </span><span class="ff2">2018<span class="_"> </span>Association<span class="_"> </span>for<span class="_"> </span>Computing<span class="_"> </span>Machiner<span class="_ _4"></span>y<span class="_ _3"></span>.</span></div><div class="t m0 x11 ha y33 ff2 fs6 fc0 sc0 ls0 ws0">ACM<span class="_"> </span>ISBN<span class="_"> </span>978-1-4503-5693-0/18/10.<span class="_ _c"></span>.<span class="_ _c"> </span>.<span class="_ _a"> </span>$15.00</div><div class="t m0 x11 ha y34 ff2 fs6 fc0 sc0 ls0 ws0">https://doi.org/10.1145/3243734.3243785</div><div class="t m0 x13 h5 y9 ff3 fs3 fc0 sc0 ls0 ws0">1<span class="_ _d"> </span>IN<span class="_ _4"></span>TRODUCTION</div><div class="t m5 x13 h6 ya ff2 fs4 fc0 sc0 ls0 ws0">Mobile<span class="_ _7"> </span>devices<span class="_ _7"> </span>are<span class="_ _5"> </span>widespread<span class="_ _7"> </span>and<span class="_ _7"> </span>they<span class="_ _7"> </span>have<span class="_ _7"> </span>been<span class="_ _7"> </span>subject<span class="_ _7"> </span>to<span class="_ _7"> </span>a</div><div class="t m5 x13 h6 yb ff2 fs4 fc0 sc0 ls0 ws0">significant<span class="_ _5"> </span>corpus<span class="_ _7"> </span>of<span class="_ _5"> </span>research.<span class="_ _5"> </span>One<span class="_ _7"> </span>main<span class="_ _5"> </span>area<span class="_ _7"> </span>of<span class="_ _5"> </span>work<span class="_ _7"> </span>is<span class="_ _5"> </span>about</div><div class="t m5 x13 h6 yc ff2 fs4 fc0 sc0 ls0 ws0">offensive<span class="_ _7"> </span>research,<span class="_ _7"> </span>which<span class="_ _7"> </span>focuses<span class="_ _7"> </span>on<span class="_ _7"> </span>attacking<span class="_ _7"> </span>these<span class="_ _7"> </span>devices<span class="_ _7"> </span>to</div><div class="t mf x13 h6 yd ff2 fs4 fc0 sc0 ls0 ws0">highlight<span class="_"> </span>vulnerabilities.<span class="_"> 
</span>Within<span class="_"> </span>this<span class="_"> </span>context,<span class="_"> </span>a<span class="_ _6"> </span>number<span class="_"> </span>of<span class="_"> </span>recent</div><div class="t m5 x13 h6 ye ff2 fs4 fc0 sc0 ls0 ws0">works<span class="_ _5"> </span>have<span class="_ _5"> </span>specifically<span class="_ _7"> </span>focused<span class="_ _5"> </span>on<span class="_ _5"> </span>the<span class="_ _7"> </span>mobile<span class="_"> </span>user-interface<span class="_ _7"> </span>(UI).</div><div class="t m1 x13 h6 yf ff2 fs4 fc0 sc0 ls0 ws0">Many<span class="_"> </span>of<span class="_"> </span>these<span class="_"> </span>works<span class="_"> </span>have<span class="_"> </span>focused<span class="_"> </span>on<span class="_"> </span>the<span class="_ _5"> </span>problem<span class="_"> </span>of<span class="_"> </span><span class="ff4">mobile<span class="_ _b"> </span>phish-</span></div><div class="t m6 x13 h6 y10 ff4 fs4 fc0 sc0 ls0 ws0">ing<span class="_ _b"> </span>attacks<span class="_ _5"> </span><span class="ff2">[</span></div><div class="t m0 x14 h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">4</div><div class="t m6 x15 h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x16 h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">6</div><div class="t m6 x17 h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x18 h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">9</div><div class="t m6 x19 h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x1a h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">14</div><div class="t m6 x1b h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x1c h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">20</div><div class="t m6 x1d h6 y10 ff2 fs4 fc0 sc0 ls0 ws0">].<span class="_"> </span>In<span class="_"> </span>such<span class="_"> </span>attacks,<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>is<span class="_"> </span>tricked<span class="_"> </span>by<span class="_"> </span>a</div><div class="t m10 x13 h6 y11 ff2 fs4 fc0 sc0 ls0 ws0">malicious<span 
class="_"> </span>app<span class="_"> </span>into<span class="_"> </span>inserting<span class="_"> </span>sensitive<span class="_"> </span>input<span class="_"> </span>(e<span class="_ _2"></span>.g.,<span class="_"> </span>usernames,<span class="_"> </span>pass-</div><div class="t m5 x13 h6 y12 ff2 fs4 fc0 sc0 ls0 ws0">words)<span class="_"> </span>into<span class="_ _7"> </span>a<span class="_ _5"> </span>window<span class="_ _5"> </span>that<span class="_ _7"> </span>the<span class="_"> </span>malicious<span class="_ _7"> </span>app<span class="_ _5"> </span>controls.<span class="_ _5"> </span>The<span class="_ _7"> </span>core</div><div class="t m3 x13 h6 y13 ff2 fs4 fc0 sc0 ls0 ws0">issue<span class="_ _8"> </span>enabling<span class="_ _8"> </span>these<span class="_ _8"> </span>attacks<span class="_ _8"> </span>is<span class="_ _6"> </span>that<span class="_ _8"> </span>users<span class="_ _8"> </span>cannot<span class="_ _8"> </span>understand<span class="_ _8"> </span>whether</div><div class="t m2 x13 h6 y14 ff2 fs4 fc0 sc0 ls0 ws0">they<span class="_"> </span>are<span class="_"> </span>interacting<span class="_"> </span>with<span class="_"> </span>a<span class="_"> </span>legitimate<span class="_"> </span>app<span class="_"> </span>(<span class="_ _4"></span>like<span class="_"> </span>a<span class="_"> </span>banking<span class="_"> </span>app)<span class="_"> </span>or<span class="_"> </span>a</div><div class="t m0 x13 h6 y15 ff2 fs4 fc0 sc0 ls0 ws0">malicious<span class="_"> </span>one<span class="_"> </span>that<span class="_"> </span>is<span class="_"> </span>spoofing<span class="_"> </span>the<span class="_"> </span>legitimate<span class="_"> </span>UI.</div><div class="t ma x1e h6 y16 ff2 fs4 fc0 sc0 ls0 ws0">Another<span class="_"> </span>class<span class="_"> </span>of<span class="_"> </span>attacks<span class="_"> </span>against<span class="_"> </span>user-interfaces<span class="_"> </span>(UI)<span class="_"> </span>is<span class="_"> 
</span><span class="ff4">clickjack-</span></div><div class="t m3 x13 h6 y17 ff4 fs4 fc0 sc0 ls0 ws0">ing<span class="ff2">,<span class="_"> </span>which<span class="_"> </span>is<span class="_"> </span>the<span class="_"> </span>fo<span class="_ _4"></span>cus<span class="_"> </span>of<span class="_"> </span>this<span class="_"> </span>paper<span class="_ _3"></span>.<span class="_"> </span>Such<span class="_ _5"> </span>attacks<span class="_"> </span>work<span class="_"> </span>by<span class="_"> </span>creating</span></div><div class="t m4 x13 h6 y18 ff2 fs4 fc0 sc0 ls0 ws0">an<span class="_"> </span>opaque<span class="_"> </span>overlay<span class="_"> </span>that<span class="_"> </span>completely<span class="_"> </span>cov<span class="_ _2"></span>ers<span class="_"> </span>a<span class="_"> </span>security-sensitive<span class="_"> </span>app</div><div class="t m3 x13 h6 y19 ff2 fs4 fc0 sc0 ls0 ws0">(such<span class="_"> </span>as<span class="_"> </span>the<span class="_"> </span>Settings<span class="_ _6"> </span>app):<span class="_"> </span>while<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>believes<span class="_"> </span>she<span class="_"> </span>is<span class="_"> </span>interacting</div><div class="t m3 x13 h6 y1a ff2 fs4 fc0 sc0 ls0 ws0">with<span class="_"> </span>an<span class="_"> </span>innocuous<span class="_"> </span>ov<span class="_ _2"></span>erlay<span class="_ _3"></span>,<span class="_"> </span>she<span class="_"> </span>is<span class="_ _6"> </span>in<span class="_"> </span>fact<span class="_"> </span>interacting<span class="_"> </span>with<span class="_"> </span>the<span class="_ _6"> </span>target</div><div class="t m5 x13 h6 y1b ff2 fs4 fc0 sc0 ls0 ws0">app<span class="_ _7"> </span>on<span class="_ _5"> </span>the<span class="_ _7"> </span>bottom<span class="_ _7"> </span>(and<span class="_ _5"> </span>she<span class="_ _7"> </span>could<span class="_ _5"> </span>unknowingly<span class="_ _7"> 
</span>grant<span class="_ _5"> </span>p<span class="_ _4"></span>owerful</div><div class="t m0 x13 h6 y1c ff2 fs4 fc0 sc0 ls0 ws0">permissions<span class="_"> </span>to<span class="_"> </span>a<span class="_"> </span>malicious<span class="_"> </span>app).</div><div class="t m5 x1e h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">These<span class="_ _5"> </span>attacks<span class="_ _5"> </span>have<span class="_ _5"> </span>been<span class="_ _5"> </span>known<span class="_ _5"> </span>for<span class="_ _5"> </span>several<span class="_ _5"> </span>years<span class="_"> </span>[</div><div class="t m0 x1f h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">1</div><div class="t m5 x20 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x21 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">2</div><div class="t m5 x22 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x23 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">17</div><div class="t m5 x24 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x25 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">24</div><div class="t m5 x26 h6 y1d ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x13 h6 y1e ff2 fs4 fc0 sc0 ls0 ws0">26</div><div class="t m5 x27 h6 y1e ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x28 h6 y1e ff2 fs4 fc0 sc0 ls0 ws0">30</div><div class="t m5 x29 h6 y1e ff2 fs4 fc0 sc0 ls0 ws0">,</div><div class="t m0 x2a h6 y1e ff2 fs4 fc0 sc0 ls0 ws0">31</div><div class="t m5 x2b h6 y1e ff2 fs4 fc0 sc0 ls0 ws0">]<span class="_ _5"> </span>and,<span class="_ _7"> </span>in<span class="_ _7"> </span>response,<span class="_"> </span>Go<span class="_ _4"></span>ogle<span class="_ _5"> </span>has<span class="_ _7"> </span>implemented<span class="_ _7"> </span>a<span class="_ _5"> </span>security</div><div class="t m5 x13 h6 y1f ff2 fs4 fc0 sc0 ls0 ws0">mechanism<span class="_ _9"> </span>called<span class="_ _9"> </span>“obscured<span class="_ _9"> </span>flag.<span class="_ _1"></span>”<span class="_ _9"> </span>Such<span class="_ _9"> </span>protection<span class="_ _9"> </span>allows<span 
class="_ _9"> </span>apps</div><div class="t m5 x13 h6 y20 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>detect<span class="_ _5"> </span>whether<span class="_ _3"></span>,<span class="_"> </span>at<span class="_ _5"> </span>the<span class="_"> </span>moment<span class="_ _5"> </span>of<span class="_"> </span>the<span class="_ _5"> </span>click,<span class="_"> </span>a<span class="_ _5"> </span>sensitive<span class="_"> </span>widget</div><div class="t m3 x13 h6 y21 ff2 fs4 fc0 sc0 ls0 ws0">button<span class="_ _8"> </span>was<span class="_ _6"> </span>covered<span class="_ _8"> </span>by<span class="_ _6"> </span>an<span class="_ _6"> </span>overlay<span class="_ _8"> </span>and,<span class="_ _8"> </span>if<span class="_ _6"> </span>that<span class="_ _6"> </span>is<span class="_ _8"> </span>the<span class="_ _6"> </span>case,<span class="_ _6"> </span>apps<span class="_ _8"> </span>have<span class="_ _6"> </span>a</div><div class="t m3 x13 h6 y22 ff2 fs4 fc0 sc0 ls0 ws0">chance<span class="_"> </span>to<span class="_"> </span>r<span class="_ _2"></span>efuse<span class="_"> </span>the<span class="_"> </span>click.<span class="_ _6"> </span>Google<span class="_"> </span>adopted<span class="_"> </span>this<span class="_"> </span>security<span class="_"> </span>mechanism</div><div class="t m11 x13 h6 y35 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>protect<span class="_"> </span>the<span class="_"> </span>most<span class="_"> </span>security-sensitive<span class="_"> </span>of<span class="_"> </span>its<span class="_"> </span>Android<span class="_"> </span>apps,<span class="_"> </span>such<span class="_"> </span>as</div><div class="t m0 x13 h6 y36 ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>Settings<span class="_"> </span>app.</div><div class="t me x1e h6 y37 ff2 fs4 fc0 sc0 ls0 ws0">Howev<span class="_ _2"></span>er<span class="_ _3"></span>,<span class="_"> </span>a<span class="_"> </span>recent<span class="_"> </span>work<span class="_"> 
</span>called<span class="_"> </span>Cloak<span class="_"> </span>&<span class="_ _5"> </span>Dagger<span class="_"> </span>(C&D<span class="_"> </span>from<span class="_"> </span>now</div><div class="t m3 x13 h6 y38 ff2 fs4 fc0 sc0 ls0 ws0">on)<span class="_"> </span>sho<span class="_ _2"></span>wed<span class="_"> </span>ho<span class="_ _2"></span>w<span class="_ _6"> </span>this<span class="_"> </span>defense<span class="_ _6"> </span>mechanism<span class="_"> </span>can<span class="_ _6"> </span>be<span class="_"> </span>bypassed<span class="_"> </span>[</div><div class="t m0 x2c h6 y38 ff2 fs4 fc0 sc0 ls0 ws0">10</div><div class="t m3 x2d h6 y38 ff2 fs4 fc0 sc0 ls0 ws0">].<span class="_"> </span>The</div><div class="t m9 x13 h6 y39 ff2 fs4 fc0 sc0 ls0 ws0">authors<span class="_"> </span>of<span class="_"> </span>this<span class="_"> </span>work<span class="_"> </span>developed<span class="_"> </span>a<span class="_"> </span>new<span class="_"> </span>attack,<span class="_"> </span>called<span class="_"> </span><span class="ff4">context-hiding</span></div><div class="t m3 x13 h6 y3a ff4 fs4 fc0 sc0 ls0 ws0">attack<span class="ff2">,<span class="_ _6"> </span>which<span class="_ _8"> </span>consists<span class="_"> </span>in<span class="_ _8"> </span>covering<span class="_ _8"> </span>the<span class="_"> </span>entir<span class="_ _2"></span>e<span class="_ _6"> </span>screen<span class="_ _8"> </span><span class="ff4">except<span class="_ _5"> </span></span>the<span class="_ _6"> </span>target</span></div><div class="t m12 x13 h6 y3b ff2 fs4 fc0 sc0 ls0 ws0">button:<span class="_"> </span>In<span class="_"> </span>this<span class="_"> </span>way<span class="_ _3"></span>,<span class="_"> </span>the<span class="_"> </span>obscured<span class="_"> </span>flag<span class="_"> </span>pr<span class="_ _2"></span>otection<span class="_"> </span>does<span class="_"> </span>not<span class="_"> </span>trigger</div><div class="t m13 x13 h6 y3c ff2 fs4 fc0 sc0 ls0 
ws0">and,<span class="_"> </span>at<span class="_"> </span>the<span class="_"> </span>same<span class="_"> </span>time<span class="_ _2"></span>,<span class="_"> </span>the<span class="_"> </span>attacker<span class="_"> </span>is<span class="_"> </span>still<span class="_"> </span>able<span class="_ _6"> </span>to<span class="_"> </span><span class="ff4">confuse<span class="_ _5"> </span></span>the<span class="_"> </span>user</div><div class="t m0 x13 h6 y3d ff2 fs4 fc0 sc0 ls0 ws0">by<span class="_"> </span>hiding<span class="_"> </span>all<span class="_"> </span>the<span class="_"> </span>relevant<span class="_"> </span>security-sensitive<span class="_"> </span>context<span class="_"> </span>information.</div><div class="t m5 x1e h6 y3e ff2 fs4 fc0 sc0 ls0 ws0">In<span class="_ _5"> </span>response<span class="_ _7"> </span>to<span class="_"> </span>this<span class="_ _7"> </span>attack,<span class="_ _5"> </span>Google<span class="_ _7"> </span>implemented<span class="_ _5"> </span>an<span class="_ _5"> </span>additional</div><div class="t m12 x13 h6 y3f ff2 fs4 fc0 sc0 ls0 ws0">defensive<span class="_"> </span>mechanism:<span class="_"> </span>in<span class="_"> </span>recent<span class="_"> </span>v<span class="_ _2"></span>ersions<span class="_"> </span>of<span class="_"> </span>Android,<span class="_ _6"> </span>when<span class="_"> </span>users</div><div class="t m5 x13 h6 y40 ff2 fs4 fc0 sc0 ls0 ws0">browse<span class="_"> </span>to<span class="_ _7"> </span>the<span class="_ _5"> </span>accessibility<span class="_ _5"> </span>ser<span class="_ _4"></span>vice<span class="_ _5"> </span>menu<span class="_ _5"> </span>(the<span class="_ _7"> </span>main<span class="_ _5"> </span>target<span class="_ _5"> </span>of<span class="_ _7"> </span>the</div><div class="t m3 x13 h6 y41 ff2 fs4 fc0 sc0 ls0 ws0">C&D<span class="_"> </span>work),<span class="_"> </span>all<span class="_ _6"> </span>overlays<span class="_"> </span>drawn<span class="_"> </span>on<span 
class="_"> </span>top<span class="_"> </span>disappear<span class="_ _3"></span>.<span class="_"> </span>T<span class="_ _3"></span>o<span class="_ _6"> </span>the<span class="_"> </span>best<span class="_"> </span>of<span class="_"> </span>our</div><div class="t m13 x13 h6 y42 ff2 fs4 fc0 sc0 ls0 ws0">knowledge,<span class="_"> </span>this<span class="_"> </span>hide<span class="_"> </span>ov<span class="_ _2"></span>erlays<span class="_"> </span>defense<span class="_"> </span>mechanism<span class="_"> </span>is<span class="_"> </span>sucient<span class="_"> </span>to</div><div class="t m5 x13 h6 y43 ff2 fs4 fc0 sc0 ls0 ws0">defeat<span class="_ _5"> </span>clickjacking<span class="_ _5"> </span>attacks<span class="_ _5"> </span>(including<span class="_ _5"> </span>C&D),<span class="_ _5"> </span>mainly<span class="_ _5"> </span>because<span class="_ _5"> </span>the</div><div class="t m3 x13 h6 y44 ff2 fs4 fc0 sc0 ls0 ws0">attacker<span class="_"> </span>does<span class="_"> </span>not<span class="_"> </span>have<span class="_"> </span>any<span class="_"> </span>possibility<span class="_"> </span>to<span class="_"> </span>confuse<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>anymore<span class="_ _2"></span>.</div><div class="t m5 x13 h6 y45 ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_ _7"> </span>common<span class="_ _9"> </span>belief<span class="_ _9"> </span>is<span class="_ _7"> </span>thus<span class="_ _9"> </span>that<span class="_ _9"> </span>clickjacking<span class="_ _7"> </span>is<span class="_ _9"> </span>overall<span class="_ _7"> </span>a<span class="_ _9"> </span>solved</div><div class="c x11 y46 w2 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">Session 6B: Mobile 1</div></div><div class="c x2e y46 w3 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">CCS’18, October 15-19, 2018, Toronto, ON, Canada</div></div><div class="c x2f y48 w4 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 
ws0">1120</div></div><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a></div><div class="pi" data-data='{"ctm":[1.568627,0.000000,0.000000,1.568627,0.000000,0.000000]}'></div></div></body></html>
<div id="pf2" class="pf w0 h0" data-page-no="2"><div class="pc pc2 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://csdnimg.cn/release/download_crawler_static/12728047/bg2.jpg"><div class="t m3 x11 h6 y49 ff2 fs4 fc0 sc0 ls0 ws0">problem<span class="_ _6"> </span>in<span class="_"> </span>mobile<span class="_ _6"> </span>devices<span class="_ _6"> </span>context.<span class="_ _6"> </span>This<span class="_"> </span>paper<span class="_ _3"></span>,<span class="_ _6"> </span>however<span class="_ _3"></span>,<span class="_ _6"> </span>shows<span class="_ _6"> </span>that</div><div class="t m0 x11 h6 y4a ff2 fs4 fc0 sc0 ls0 ws0">this<span class="_"> </span>is<span class="_"> </span>not<span class="_"> </span>the<span class="_"> </span>case.</div><div class="t m0 x11 he y4b ff3 fs4 fc0 sc0 ls0 ws0">Clickjacking<span class="_ _7"> </span>on<span class="_ _7"> </span>mobile<span class="_ _9"> </span>is<span class="_ _7"> </span>an<span class="_ _7"> </span>open<span class="_ _9"> </span>problem.</div><div class="t m5 x30 h6 y4b ff2 fs4 fc0 sc0 ls0 ws0">Clickjacking<span class="_ _7"> </span>is</div><div class="t m3 x11 h6 y4c ff2 fs4 fc0 sc0 ls0 ws0">not<span class="_"> </span>a<span class="_ _6"> </span>one-o<span class="_"> </span>bug—it<span class="_ _6"> </span>is<span class="_"> </span>caused<span class="_"> </span>by<span class="_ _6"> </span>a<span class="_"> </span>design<span class="_ _6"> </span>issue—and<span class="_"> </span>it<span class="_ _6"> </span>is<span class="_"> </span>very<span class="_"> </span>chal-</div><div class="t m15 x11 h6 y4d ff2 fs4 fc0 sc0 ls0 ws0">lenging<span class="_"> </span>to<span class="_"> </span>prev<span class="_ _2"></span>ent<span class="_"> </span>in<span class="_"> </span>the<span class="_"> </span>general<span class="_"> </span>case.<span class="_"> </span>In<span class="_"> </span>fact,<span class="_"> </span>the<span class="_ _6"> </span>“hide<span class="_"> </span>overlays”</div><div class="t m5 x11 h6 y4e ff2 
fs4 fc0 sc0 ls0 ws0">defense<span class="_ _7"> </span>from<span class="_ _7"> </span>Google,<span class="_ _7"> </span>while<span class="_ _9"> </span>being<span class="_ _7"> </span>eective,<span class="_ _7"> </span>has<span class="_ _9"> </span>two<span class="_ _7"> </span>fundamen-</div><div class="t m13 x11 h6 y4f ff2 fs4 fc0 sc0 ls0 ws0">tal<span class="_"> </span>problems.<span class="_"> </span>First,<span class="_"> </span>w<span class="_ _2"></span>e<span class="_"> </span>have<span class="_"> </span>identied<span class="_"> </span>sev<span class="_ _2"></span>eral<span class="_"> </span>popular<span class="_"> </span>apps<span class="_"> </span>(<span class="_ _2"></span>with</div><div class="t m3 x11 h6 y50 ff2 fs4 fc0 sc0 ls0 ws0">millions<span class="_ _8"> </span>of<span class="_ _6"> </span>users)<span class="_ _8"> </span>whose<span class="_ _6"> </span>core<span class="_ _8"> </span>functionality—to<span class="_ _6"> </span>act<span class="_ _8"> </span>as<span class="_ _6"> </span>a<span class="_ _8"> </span>screen<span class="_ _6"> </span>lter—</div><div class="t m16 x11 h6 y51 ff2 fs4 fc0 sc0 ls0 ws0">specically<span class="_"> </span>relies<span class="_"> </span>on<span class="_"> </span>creating<span class="_"> </span>persistent<span class="_"> </span>on-top<span class="_ _5"> </span>fullscreen<span class="_"> </span>overlays.</div><div class="t me x11 h6 y52 ff2 fs4 fc0 sc0 ls0 ws0">Thus,<span class="_"> </span>Google’s<span class="_"> </span>defense<span class="_"> </span>cannot<span class="_"> </span>be<span class="_"> </span>widely<span class="_"> </span>adopted<span class="_"> </span>due<span class="_"> </span>to<span class="_"> </span>backward</div><div class="t m0 x11 h6 y53 ff2 fs4 fc0 sc0 ls0 ws0">compatibility<span class="_"> </span>issues—it<span class="_"> </span>would<span class="_"> </span>in<span class="_"> </span>fact<span class="_"> </span>aect<span class="_"> </span>the<span class="_"> </span>user<span class="_"> 
</span>experience<span class="_"> </span>of</div><div class="t m17 x11 h6 y54 ff2 fs4 fc0 sc0 ls0 ws0">all<span class="_"> </span>these<span class="_"> </span>apps<span class="_"> </span>with<span class="_"> </span>frequent<span class="_"> </span>interferences<span class="_"> </span>and<span class="_"> </span>ickering<span class="_"> </span>problems.</div><div class="t md x11 h6 y55 ff2 fs4 fc0 sc0 ls0 ws0">Second,<span class="_"> </span>as<span class="_"> </span>we<span class="_"> </span>will<span class="_"> </span>show<span class="_"> </span>in<span class="_"> </span>this<span class="_"> </span>paper<span class="_ _3"></span>,<span class="_"> </span>Google<span class="_"> </span>deployed<span class="_"> </span>this<span class="_"> </span>x<span class="_"> </span>to</div><div class="t m5 x11 h6 y56 ff2 fs4 fc0 sc0 ls0 ws0">protect<span class="_"> </span>parts<span class="_ _5"> </span>of<span class="_"> </span>the<span class="_ _5"> </span>Settings<span class="_"> </span>app,<span class="_ _5"> </span>but<span class="_"> </span>many<span class="_ _5"> </span>other<span class="_"> </span>apps<span class="_ _5"> </span>including</div><div class="t m3 x11 h6 y57 ff2 fs4 fc0 sc0 ls0 ws0">Google<span class="_"> </span>own<span class="_"> </span>apps,<span class="_ _6"> </span>such<span class="_"> </span>as<span class="_"> </span>the<span class="_"> </span>Google<span class="_"> </span>Play<span class="_"> </span>Store<span class="_ _2"></span>,<span class="_"> </span>and<span class="_"> </span>other<span class="_ _6"> </span>popular</div><div class="t m12 x11 h6 y58 ff2 fs4 fc0 sc0 ls0 ws0">third-party<span class="_"> </span>apps<span class="_"> </span>ar<span class="_ _2"></span>e<span class="_"> </span>left<span class="_"> </span>completely<span class="_"> </span>unprotected.<span class="_"> </span>W<span class="_ _1"></span>e<span class="_"> </span>believe<span class="_"> </span>this</div><div class="t m5 x11 h6 y59 ff2 fs4 fc0 sc0 ls0 ws0">is<span class="_"> 
</span>due<span class="_ _5"> </span>to<span class="_"> </span>the<span class="_ _5"> </span>backward<span class="_ _5"> </span>compatibility<span class="_"> </span>concerns<span class="_ _5"> </span>mentioned<span class="_ _5"> </span>above.</div><div class="t m5 x11 h6 y5a ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_ _5"> </span>note<span class="_ _7"> </span>that<span class="_ _7"> </span>the<span class="_ _7"> </span>best<span class="_ _7"> </span>defense<span class="_ _7"> </span>available<span class="_ _7"> </span>to<span class="_ _7"> </span>third-party<span class="_ _5"> </span>apps,<span class="_ _7"> </span>the</div><div class="t m18 x11 h6 y5b ff2 fs4 fc0 sc0 ls0 ws0">obscured<span class="_"> </span>ag,<span class="_"> </span>would<span class="_"> </span>also<span class="_"> </span>break<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>experience<span class="_"> </span>for<span class="_"> </span>millions<span class="_"> </span>of</div><div class="t m0 x11 h6 y5c ff2 fs4 fc0 sc0 ls0 ws0">users.</div><div class="t m0 x11 he y5d ff3 fs4 fc0 sc0 ls0 ws0">The<span class="_ _b"> </span>design<span class="_ _b"> </span>space<span class="_ _b"> </span>for<span class="_ _b"> </span>a<span class="_ _5"> </span>practical<span class="_ _b"> </span>defense.</div><div class="t m9 x31 h6 y5d ff2 fs4 fc0 sc0 ls0 ws0">Solving<span class="_"> </span>this<span class="_"> </span>problem</div><div class="t m5 x11 h6 y5e ff2 fs4 fc0 sc0 ls0 ws0">in<span class="_"> </span>the<span class="_"> </span>general<span class="_"> </span>case<span class="_"> </span>is<span class="_"> </span>very<span class="_"> </span>challenging<span class="_"> </span>since<span class="_"> </span>we<span class="_"> </span>need<span class="_"> </span>to<span class="_"> </span>design<span class="_"> </span>a</div><div class="t m5 x11 h6 y5f ff2 fs4 fc0 sc0 ls0 ws0">protection<span class="_"> </span>system<span class="_ _7"> </span>that<span class="_"> 
</span>is<span class="_ _5"> </span>eective<span class="_ _5"> </span>and,<span class="_ _5"> </span>at<span class="_ _5"> </span>same<span class="_ _5"> </span>time,<span class="_ _5"> </span>it<span class="_ _5"> </span>does<span class="_ _5"> </span>not</div><div class="t m3 x11 h6 y60 ff2 fs4 fc0 sc0 ls0 ws0">break<span class="_ _8"> </span>compatibility<span class="_"> </span>with<span class="_ _8"> </span>existing<span class="_ _6"> </span>apps.<span class="_ _6"> </span>There<span class="_ _8"> </span>are<span class="_ _6"> </span>multiple<span class="_ _6"> </span>proposed</div><div class="t m8 x11 h6 y61 ff2 fs4 fc0 sc0 ls0 ws0">solutions,<span class="_"> </span>from<span class="_"> </span>both<span class="_"> </span>the<span class="_"> </span>academic<span class="_"> </span>and<span class="_"> </span>industry<span class="_"> </span>communities:<span class="_"> </span>W<span class="_ _3"></span>e</div><div class="t m19 x11 h6 y62 ff2 fs4 fc0 sc0 ls0 ws0">show<span class="_"> </span>that<span class="_"> </span>none<span class="_"> </span>of<span class="_"> </span>these<span class="_"> </span>ar<span class="_ _2"></span>e<span class="_"> </span>both<span class="_"> </span>eective<span class="_"> </span>(in<span class="_"> </span>preventing<span class="_ _6"> </span>attacks)</div><div class="t m5 x11 h6 y63 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>practical<span class="_ _5"> </span>(especially<span class="_ _5"> </span>when<span class="_ _5"> </span>applied<span class="_ _5"> </span>in<span class="_ _5"> </span>all<span class="_ _5"> </span>new<span class="_ _5"> </span>existing<span class="_"> </span>attack</div><div class="t m0 x11 h6 y64 ff2 fs4 fc0 sc0 ls0 ws0">scenarios<span class="_"> </span>described<span class="_"> </span>in<span class="_"> </span>this<span class="_"> </span>paper).</div><div class="t m5 x12 h6 y65 ff2 fs4 fc0 sc0 ls0 ws0">T<span class="_ _3"></span>o<span class="_"> </span>prevent<span class="_"> </span>the<span 
class="_"> </span>design<span class="_"> </span>of<span class="_ _5"> </span>another<span class="_"> </span>problematic<span class="_"> </span>solution,<span class="_ _5"> </span>in<span class="_"> </span>this</div><div class="t m1a x11 h6 y66 ff2 fs4 fc0 sc0 ls0 ws0">paper<span class="_"> </span>we<span class="_"> </span>rst<span class="_"> </span>gather<span class="_"> </span>insights<span class="_"> </span>on<span class="_"> </span>how<span class="_"> </span>apps<span class="_ _6"> </span>use<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>interface,</div><div class="t m9 x11 h6 y67 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>we<span class="_"> </span>then<span class="_"> </span>systematically<span class="_"> </span>explore<span class="_"> </span>the<span class="_"> </span>design<span class="_"> </span>space<span class="_"> </span>by<span class="_"> </span>drawing<span class="_"> </span>a</div><div class="t m3 x11 h6 y68 ff2 fs4 fc0 sc0 ls0 ws0">number<span class="_"> </span>of<span class="_"> </span>observations<span class="_"> </span>that,<span class="_"> </span>independently<span class="_"> </span>from<span class="_"> </span>a<span class="_"> </span>given<span class="_"> </span>proposed</div><div class="t m3 x11 h6 y69 ff2 fs4 fc0 sc0 ls0 ws0">solution,<span class="_"> </span>we<span class="_"> </span>believe<span class="_ _6"> </span>must<span class="_"> </span>all<span class="_"> </span>be<span class="_"> </span>taken<span class="_"> </span>into<span class="_"> </span>account<span class="_"> </span>when<span class="_"> </span>designing</div><div class="t m3 x11 h6 y6a ff2 fs4 fc0 sc0 ls0 ws0">a<span class="_ _8"> </span>system<span class="_"> </span>that<span class="_ _8"> </span>is<span class="_ _6"> </span>both<span class="_ _6"> </span>eective<span class="_ _8"> </span>and<span class="_ _6"> </span>practical.<span class="_ _6"> </span>This<span class="_ _6"> </span>exploration<span class="_ _8"> 
</span>guided</div><div class="t m5 x11 h6 y6b ff2 fs4 fc0 sc0 ls0 ws0">us<span class="_ _5"> </span>to<span class="_ _5"> </span>the<span class="_ _7"> </span>design<span class="_"> </span>of<span class="_ _7"> </span>a<span class="_"> </span>new<span class="_ _5"> </span>protection<span class="_ _7"> </span>mechanism,<span class="_ _5"> </span>dubbed<span class="_ _7"> </span><span class="ff5">Click-</span></div><div class="t m5 x11 h6 y6c ff5 fs4 fc0 sc0 ls0 ws0">Shield<span class="ff2">.<span class="_"> </span>Our<span class="_"> </span>defense<span class="_"> </span>diers<span class="_"> </span>from<span class="_"> </span>e<span class="_ _2"></span>xisting<span class="_"> </span>ones<span class="_"> </span>because<span class="_"> </span>it<span class="_"> </span>tackles</span></div><div class="t m0 x11 h6 y6d ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>problem<span class="_"> </span>of<span class="_"> </span>clickjacking<span class="_"> </span>at<span class="_"> </span>its<span class="_"> </span>root:<span class="_"> </span>the<span class="_"> </span>possibility<span class="_"> </span>of<span class="_"> </span>deceiving</div><div class="t md x11 h6 y6e ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>user<span class="_ _3"></span>.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>thus<span class="_"> </span>do<span class="_"> </span>not<span class="_"> </span>focus<span class="_"> </span>on<span class="_"> </span>the<span class="_"> </span>many<span class="_"> </span>technical<span class="_"> </span>ways<span class="_"> </span>single</div><div class="t m3 x11 h6 y6f ff2 fs4 fc0 sc0 ls0 ws0">overlays<span class="_ _6"> </span>can<span class="_"> </span>be<span class="_ _6"> </span>created—too<span class="_"> </span>many<span class="_ _6"> </span>to<span class="_"> </span>be<span class="_ _6"> </span>properly<span class="_"> </span>enumerated—and</div><div class="t m9 x11 h6 y70 ff2 fs4 fc0 sc0 ls0 ws0">we<span class="_"> 
</span>focus<span class="_"> </span>instead<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span><span class="ff4">net<span class="_ _b"> </span>eect<span class="_ _7"> </span></span>that<span class="_"> </span>these<span class="_"> </span>overlays<span class="_"> </span>have<span class="_"> </span>on<span class="_"> </span>what</div><div class="t m5 x11 h6 y71 ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>user<span class="_"> </span>actually<span class="_ _5"> </span>sees<span class="_ _5"> </span>on<span class="_"> </span>the<span class="_ _5"> </span>screen.<span class="_"> </span>T<span class="_ _3"></span>o<span class="_"> </span>this<span class="_ _5"> </span>end,<span class="_"> </span>we<span class="_ _5"> </span>devised<span class="_"> </span>e-</div><div class="t m3 x11 h6 y72 ff2 fs4 fc0 sc0 ls0 ws0">cient<span class="_"> </span>techniques<span class="_"> </span>based<span class="_"> </span>on<span class="_"> </span>image<span class="_"> </span>analysis<span class="_ _5"> </span>to<span class="_"> </span>answer<span class="_"> </span>questions<span class="_"> </span>such</div><div class="t m5 x11 h6 y73 ff2 fs4 fc0 sc0 ls0 ws0">as<span class="_"> </span><span class="ff4">is<span class="_ _b"> </span>what<span class="_ _b"> </span>the<span class="_ _b"> </span>user<span class="_ _b"> </span>seeing<span class="_ _b"> </span>dierent<span class="_ _b"> </span>than<span class="_ _b"> </span>what<span class="_ _b"> </span>the<span class="_ _b"> </span>target<span class="_ _b"> </span>app<span class="_ _b"> </span>would</span></div><div class="t m5 x11 hf y74 ff4 fs4 fc0 sc0 ls0 ws0">have<span class="_ _b"> </span>liked<span class="_ _5"> </span>to<span class="_ _5"> </span>display?<span class="_ _b"> </span>W<span class="_ _3"></span>as<span class="_ _5"> </span>the<span class="_ _5"> </span>view<span class="_ _b"> </span>from<span class="_ _b"> </span>the<span class="_ _5"> </span>target<span class="_ _5"> </span>app<span 
class="_ _b"> </span>mo<span class="_ _4"></span>died?</div><div class="t m8 x11 hf y75 ff4 fs4 fc0 sc0 ls0 ws0">If<span class="_ _b"> </span>yes,<span class="_ _b"> </span>was<span class="_ _b"> </span>it<span class="_ _b"> </span>modie<span class="_"> </span>d<span class="_ _5"> </span>in<span class="_ _b"> </span>a<span class="_ _b"> </span>uniform<span class="_ _b"> </span>way<span class="_ _b"> </span>so<span class="_ _b"> </span>that<span class="_ _5"> </span>the<span class="_ _b"> </span>full<span class="_ _b"> </span>(potentially</div><div class="t m0 x11 hf y76 ff4 fs4 fc0 sc0 ls0 ws0">security-related)<span class="_ _b"> </span>context<span class="_ _b"> </span>is<span class="_ _b"> </span>still<span class="_ _b"> </span>available<span class="_ _5"> </span>for<span class="_ _b"> </span>the<span class="_ _b"> </span>user?</div><div class="t md x12 h6 y77 ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_"> </span>have<span class="_"> </span>implemented<span class="_"> </span>a<span class="_"> </span>prototype<span class="_"> </span>of<span class="_"> </span>this<span class="_"> </span>system,<span class="_"> </span>and<span class="_"> </span>w<span class="_ _2"></span>e<span class="_"> </span>have</div><div class="t m3 x11 h6 y78 ff2 fs4 fc0 sc0 ls0 ws0">tested<span class="_"> </span>it<span class="_ _8"> </span>against<span class="_"> </span><span class="ff5">ClickBench</span>,<span class="_ _6"> </span>a<span class="_ _6"> </span>newly<span class="_ _6"> </span>developed<span class="_"> </span>benchmark<span class="_ _6"> </span>specif-</div><div class="t m1b x11 h6 y79 ff2 fs4 fc0 sc0 ls0 ws0">ically<span class="_"> </span>tailored<span class="_"> </span>to<span class="_"> </span>stress-test<span class="_"> </span>clickjacking<span class="_"> </span>protection<span class="_"> </span>solutions.<span class="_"> </span>This</div><div class="t m1a x11 h6 y7a ff2 fs4 fc0 sc0 ls0 ws0">dataset<span class="_"> </span>is<span class="_"> 
</span>constituted<span class="_"> </span>by<span class="_"> </span>104<span class="_"> </span>test<span class="_"> </span>cases,<span class="_"> </span>and<span class="_"> </span>it<span class="_"> </span>includes<span class="_"> </span>real-w<span class="_ _2"></span>orld</div><div class="t m5 x11 h6 y7b ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_ _5"> </span>simulate<span class="_ _4"></span>d<span class="_ _5"> </span>b<span class="_ _4"></span>enign<span class="_ _5"> </span>and<span class="_ _7"> </span>malicious<span class="_ _7"> </span>examples<span class="_ _5"> </span>that<span class="_ _7"> </span>evaluate<span class="_ _5"> </span>the</div><div class="t m1b x11 h6 y7c ff2 fs4 fc0 sc0 ls0 ws0">system<span class="_"> </span>across<span class="_"> </span>a<span class="_"> </span>wide<span class="_"> </span>range<span class="_"> </span>of<span class="_"> </span>legitimate<span class="_"> </span>and<span class="_"> </span>attack<span class="_"> </span>scenarios.<span class="_"> </span>W<span class="_ _3"></span>e</div><div class="t me x11 h6 y7d ff2 fs4 fc0 sc0 ls0 ws0">note<span class="_"> </span>that<span class="_"> </span>some<span class="_"> </span>of<span class="_"> </span>these<span class="_"> </span>test<span class="_"> </span>cases<span class="_"> </span>have<span class="_"> </span>be<span class="_ _4"></span>en<span class="_"> </span>developed<span class="_"> </span>specically</div><div class="t mf x11 h6 y7e ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>evade<span class="_"> </span>our<span class="_"> </span>own<span class="_"> </span>system<span class="_ _6"> </span>and<span class="_"> </span>that<span class="_"> </span>we<span class="_"> </span>included<span class="_"> </span>in<span class="_"> </span>the<span class="_"> </span>benchmark</div><div class="t m3 x11 h6 y7f ff2 fs4 fc0 sc0 ls0 ws0">even<span class="_ _8"> </span>a<span class="_ _8"> </span>never-seen-b<span class="_ _4"></span>efore<span class="_ _8"> </span>real-world<span 
class="_ _8"> </span>malware<span class="_ _8"> </span>sample<span class="_ _6"> </span>that<span class="_ _8"> </span>was<span class="_ _6"> </span>made</div><div class="t m5 x13 h6 y49 ff2 fs4 fc0 sc0 ls0 ws0">public<span class="_ _5"> </span>after<span class="_ _5"> </span>we<span class="_ _5"> </span>had<span class="_ _5"> </span>nalized<span class="_ _5"> </span>our<span class="_ _5"> </span>prototype.<span class="_ _5"> </span>Nonetheless,<span class="_ _5"> </span><span class="ff5">Click-</span></div><div class="t m9 x13 h6 y4a ff5 fs4 fc0 sc0 ls0 ws0">Shield<span class="_ _b"> </span><span class="ff2">is<span class="_"> </span>able<span class="_"> </span>to<span class="_"> </span>detect<span class="_"> </span>all<span class="_"> </span>attack<span class="_"> </span>scenarios<span class="_"> </span>without<span class="_"> </span>b<span class="_ _4"></span>eing<span class="_"> </span>aected</span></div><div class="t m2 x13 h6 y80 ff2 fs4 fc0 sc0 ls0 ws0">by<span class="_"> </span>backward<span class="_"> </span>compatibility<span class="_"> </span>concerns.<span class="_"> </span>Moreover<span class="_ _3"></span>,<span class="_"> </span>our<span class="_"> </span>proposal<span class="_"> </span>has<span class="_"> </span>a</div><div class="t m9 x13 h6 y81 ff2 fs4 fc0 sc0 ls0 ws0">negligible<span class="_"> </span>performance<span class="_"> </span>impact,<span class="_"> </span>and<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>thus<span class="_"> </span>suitable<span class="_"> </span>for<span class="_"> </span>adoption</div><div class="t m1c x13 h6 y82 ff2 fs4 fc0 sc0 ls0 ws0">on<span class="_"> </span>mobile<span class="_"> </span>devices.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>believe<span class="_"> </span><span class="ff5">ClickShield<span class="_ _b"> </span></span>to<span class="_"> </span>be<span class="_ _5"> </span>the<span class="_"> </span>rst<span class="_"> 
</span>practical</div><div class="t m12 x13 h6 y83 ff2 fs4 fc0 sc0 ls0 ws0">approach<span class="_"> </span>that<span class="_"> </span>has<span class="_"> </span>the<span class="_"> </span>potential<span class="_"> </span>to<span class="_"> </span>fully<span class="_"> </span>eradicate<span class="_ _6"> </span>clickjacking<span class="_"> </span>on</div><div class="t m0 x13 h6 y84 ff2 fs4 fc0 sc0 ls0 ws0">Android.</div><div class="t m0 x13 h6 y85 ff2 fs4 fc0 sc0 ls0 ws0">In<span class="_"> </span>summary<span class="_ _3"></span>,<span class="_"> </span>this<span class="_"> </span>paper<span class="_"> </span>makes<span class="_"> </span>the<span class="_"> </span>following<span class="_"> </span>contributions:</div><div class="t m0 x32 h10 y86 ff8 fs4 fc0 sc0 ls0 ws0">•</div><div class="t m1d x33 h6 y86 ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_"> </span>highlight<span class="_"> </span>ho<span class="_ _2"></span>w<span class="_"> </span>clickjacking<span class="_"> </span>on<span class="_"> </span>mobile<span class="_"> </span>devices<span class="_"> </span>is<span class="_"> </span>still<span class="_ _6"> </span>an</div><div class="t m3 x33 h6 y87 ff2 fs4 fc0 sc0 ls0 ws0">open<span class="_ _6"> </span>problem<span class="_ _8"> </span>and<span class="_"> </span>ho<span class="_ _2"></span>w<span class="_ _6"> </span>the<span class="_ _8"> </span>attack<span class="_"> </span>surface<span class="_ _8"> </span>is<span class="_ _6"> </span>much<span class="_ _6"> </span>wider<span class="_ _8"> </span>than</div><div class="t m0 xe h6 y88 ff2 fs4 fc0 sc0 ls0 ws0">what<span class="_"> </span>previously<span class="_"> </span>thought.</div><div class="t m0 x32 h10 y89 ff8 fs4 fc0 sc0 ls0 ws0">•</div><div class="t m5 x33 h6 y89 ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_"> </span>show<span class="_ _5"> </span>how<span class="_ _5"> </span>current<span class="_ _5"> </span>defense<span class="_ _5"> 
</span>mechanisms<span class="_ _7"> </span>fall<span class="_"> </span>short<span class="_ _5"> </span>and</div><div class="t m5 xe h6 y8a ff2 fs4 fc0 sc0 ls0 ws0">we<span class="_"> </span>discuss<span class="_"> </span>the<span class="_"> </span>main<span class="_"> </span>challenge<span class="_"> </span>Google<span class="_"> </span>is<span class="_"> </span>facing:<span class="_"> </span>backward</div><div class="t m1e x33 h6 y8b ff2 fs4 fc0 sc0 ls0 ws0">compatibility<span class="_"> </span>issues,<span class="_"> </span>which<span class="_"> </span>would<span class="_"> </span>br<span class="_ _2"></span>eak<span class="_"> </span>core<span class="_"> </span>functionality</div><div class="t m0 x33 h6 y8c ff2 fs4 fc0 sc0 ls0 ws0">of<span class="_"> </span>popular<span class="_"> </span>apps<span class="_"> </span>used<span class="_"> </span>by<span class="_"> </span>millions<span class="_"> </span>of<span class="_"> </span>users.</div><div class="t m0 x32 h10 y8d ff8 fs4 fc0 sc0 ls0 ws0">•</div><div class="t m3 x33 h6 y8d ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_ _8"> </span>gather<span class="_ _8"> </span>insights<span class="_ _8"> </span>on<span class="_ _8"> </span>how<span class="_ _6"> </span>apps<span class="_ _8"> </span>use<span class="_ _8"> </span>the<span class="_ _6"> </span>user<span class="_ _8"> </span>interface<span class="_ _8"> </span>and<span class="_ _8"> </span>we</div><div class="t m17 x33 h6 y8e ff2 fs4 fc0 sc0 ls0 ws0">systematically<span class="_"> </span>explore<span class="_"> </span>the<span class="_"> </span>design<span class="_"> </span>space<span class="_"> </span>for<span class="_"> </span>an<span class="_"> </span>eective<span class="_"> </span>and</div><div class="t m10 x33 h6 y8f ff2 fs4 fc0 sc0 ls0 ws0">practical<span class="_"> </span>defense<span class="_"> </span>mechanism.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>build<span class="_"> </span>on<span 
class="_"> </span>these<span class="_"> </span>insights<span class="_"> </span>to</div><div class="t m16 x33 h6 y90 ff2 fs4 fc0 sc0 ls0 ws0">design<span class="_"> </span><span class="ff5">ClickShield</span>,<span class="_"> </span>a<span class="_"> </span>novel<span class="_"> </span>defense<span class="_"> </span>mechanism<span class="_"> </span>for<span class="_"> </span>mobile</div><div class="t m0 x33 h6 y91 ff2 fs4 fc0 sc0 ls0 ws0">clickjacking.</div><div class="t m0 x32 h10 y92 ff8 fs4 fc0 sc0 ls0 ws0">•</div><div class="t m5 x33 h6 y92 ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_ _9"> </span>evaluate<span class="_ _9"> </span><span class="ff5">ClickShield<span class="_ _e"> </span></span>against<span class="_ _9"> </span><span class="ff5">ClickBench</span>,<span class="_ _e"> </span>the<span class="_ _9"> </span>rst</div><div class="t m16 x33 h6 y93 ff2 fs4 fc0 sc0 ls0 ws0">benchmark<span class="_"> </span>dataset<span class="_"> </span>for<span class="_"> </span>clickjacking<span class="_"> </span>solutions.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>show<span class="_"> </span>that</div><div class="t me x33 h6 y94 ff2 fs4 fc0 sc0 ls0 ws0">our<span class="_"> </span>system<span class="_"> </span>is<span class="_"> </span>eective<span class="_"> </span>at<span class="_"> </span>stopping<span class="_"> </span>the<span class="_ _5"> </span>threat<span class="_"> </span>of<span class="_"> </span>clickjacking</div><div class="t m0 x33 h6 y95 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>it<span class="_"> </span>addresses<span class="_"> </span>backward<span class="_"> </span>compatibility<span class="_"> </span>concerns.</div><div class="t m5 x13 h6 y96 ff2 fs4 fc0 sc0 ls0 ws0">T<span class="_ _3"></span>o<span class="_"> </span>ease<span class="_ _5"> </span>the<span class="_"> </span>reproducibility<span class="_"> </span>of<span class="_ _5"> </span>this<span class="_"> </span>work,<span 
class="_"> </span>we<span class="_ _5"> </span>will<span class="_"> </span>publicly<span class="_ _5"> </span>release</div><div class="t m0 x13 h6 y97 ff2 fs4 fc0 sc0 ls0 ws0">our<span class="_"> </span>prototype<span class="_"> </span>and<span class="_"> </span>our<span class="_"> </span>benchmark<span class="_"> </span>dataset.</div><div class="t m0 x13 h5 y98 ff3 fs3 fc0 sc0 ls0 ws0">2<span class="_ _d"> </span>BA<span class="_ _3"></span>CKGROUND<span class="_ _5"> </span>ON<span class="_ _7"> </span>ANDROID<span class="_ _5"> </span>UI</div><div class="t m3 x13 h6 y99 ff2 fs4 fc0 sc0 ls0 ws0">In<span class="_ _8"> </span>Android,<span class="_ _8"> </span>third-party<span class="_ _a"> </span>apps<span class="_ _8"> </span>having<span class="_ _8"> </span>the<span class="_ _8"> </span>SYSTEM_ALERT_<span class="_ _3"></span>WINDO<span class="_ _4"></span>W</div><div class="t m3 x13 h6 y9a ff2 fs4 fc0 sc0 ls0 ws0">permission<span class="_ _6"> </span>have<span class="_ _8"> </span>the<span class="_ _6"> </span>ability<span class="_ _8"> </span>to<span class="_ _6"> </span>create<span class="_ _8"> </span>arbitrar<span class="_ _4"></span>y<span class="_ _8"> </span>windows,<span class="_ _6"> </span>also<span class="_ _8"> </span>known</div><div class="t m5 x13 h6 y9b ff2 fs4 fc0 sc0 ls0 ws0">as<span class="_ _5"> </span><span class="ff4">overlays</span>,<span class="_ _7"> </span>that<span class="_ _5"> </span>are<span class="_ _7"> </span>render<span class="_ _2"></span>ed<span class="_ _7"> </span>on<span class="_ _5"> </span>top<span class="_ _7"> </span>of<span class="_ _5"> </span>the<span class="_ _7"> </span>current<span class="_ _5"> </span>activity<span class="_ _3"></span>.<span class="_ _7"> </span>For</div><div class="t m5 x13 h6 y9c ff2 fs4 fc0 sc0 ls0 ws0">apps<span class="_ _5"> </span>hosted<span class="_ _5"> </span>on<span class="_ _7"> </span>the<span class="_"> </span>ocial<span class="_ _7"> </span>Google<span class="_ _5"> 
</span>Play<span class="_ _5"> </span>Store,<span class="_ _5"> </span>this<span class="_ _7"> </span>permission<span class="_"> </span>is</div><div class="t m5 x13 h6 y9d ff2 fs4 fc0 sc0 ls0 ws0">automatically<span class="_ _7"> </span>granted,<span class="_ _9"> </span>without<span class="_ _7"> </span>the<span class="_ _7"> </span>user<span class="_ _9"> </span>being<span class="_ _7"> </span>notied<span class="_ _9"> </span>about<span class="_ _7"> </span>it.</div><div class="t m3 x13 h6 y9e ff2 fs4 fc0 sc0 ls0 ws0">Apps<span class="_"> </span>hav<span class="_ _2"></span>e<span class="_"> </span>complete<span class="_ _6"> </span>control<span class="_"> </span>o<span class="_ _2"></span>ver<span class="_"> </span>the<span class="_ _6"> </span>overlays<span class="_ _6"> </span>they<span class="_"> </span>cr<span class="_ _2"></span>eate.<span class="_ _6"> </span>In<span class="_"> </span>partic-</div><div class="t m1 x13 h6 y9f ff2 fs4 fc0 sc0 ls0 ws0">ular<span class="_ _3"></span>,<span class="_"> </span>they<span class="_"> </span>can<span class="_"> </span>control<span class="_"> </span>their<span class="_"> </span>size<span class="_"> </span>and<span class="_"> </span>p<span class="_ _4"></span>osition,<span class="_"> </span>and<span class="_"> </span>whether<span class="_"> </span>they<span class="_"> </span>are</div><div class="t m5 x13 h6 ya0 ff2 fs4 fc0 sc0 ls0 ws0">opaque<span class="_"> </span>or<span class="_"> </span>(semi-)transpar<span class="_ _2"></span>ent.<span class="_"> </span>Apps<span class="_"> </span>can<span class="_"> </span>also<span class="_"> </span>create<span class="_"> </span>overlays<span class="_"> </span>that</div><div class="t m10 x13 h6 ya1 ff2 fs4 fc0 sc0 ls0 ws0">are<span class="_"> </span>either<span class="_"> </span><span class="ff4">clickable<span class="_ _b"> </span></span>(i.e.,<span class="_"> </span>when<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>clicks<span class="_"> 
</span>on<span class="_"> </span>them,<span class="_"> </span>the<span class="_"> </span>overlay</div><div class="t m1f x13 h6 ya2 ff2 fs4 fc0 sc0 ls0 ws0">will<span class="_"> </span>capture<span class="_"> </span>the<span class="_"> </span>click)<span class="_"> </span>or<span class="_"> </span><span class="ff4">passthrough<span class="_ _b"> </span></span>(i.e.,<span class="_"> </span>the<span class="_"> </span>click<span class="_"> </span>is<span class="_"> </span>not<span class="_"> </span>captured</div><div class="t m5 x13 h6 ya3 ff2 fs4 fc0 sc0 ls0 ws0">by<span class="_"> </span>the<span class="_"> </span>overlay<span class="_"> </span>and<span class="_"> </span>it<span class="_"> </span>is<span class="_ _5"> </span>passed<span class="_"> </span>to<span class="_"> </span>the<span class="_ _5"> </span>overlay<span class="_"> </span>or<span class="_"> </span>activity<span class="_"> </span>beneath</div><div class="t m20 x13 h6 ya4 ff2 fs4 fc0 sc0 ls0 ws0">it).<span class="_"> </span>Starting<span class="_"> </span>from<span class="_"> </span>Android<span class="_"> </span>8.0,<span class="_"> </span>apps<span class="_"> </span>are<span class="_"> </span>forbidden<span class="_"> </span>to<span class="_"> </span>draw<span class="_"> </span>overlays</div><div class="t m5 x13 h6 ya5 ff2 fs4 fc0 sc0 ls0 ws0">on<span class="_ _5"> </span>top<span class="_ _7"> </span>of<span class="_ _5"> </span>the<span class="_ _5"> </span>lock<span class="_ _7"> </span>screen,<span class="_ _5"> </span>the<span class="_ _7"> </span>status<span class="_"> </span>bar<span class="_ _2"></span>,<span class="_ _5"> </span>and<span class="_ _7"> </span>the<span class="_ _5"> </span>navigation<span class="_ _5"> </span>bar<span class="_ _3"></span>.</div><div class="t m3 x13 h6 ya6 ff2 fs4 fc0 sc0 ls0 ws0">While<span class="_"> </span>these<span class="_"> </span>ne<span class="_ _2"></span>w<span class="_"> </span>constraints<span class="_ _6"> </span>are<span class="_"> 
</span>an<span class="_"> </span>effective<span class="_ _6"> </span>protection<span class="_"> </span>against<span class="_"> </span>ran-</div><div class="t m3 x13 h6 ya7 ff2 fs4 fc0 sc0 ls0 ws0">somware<span class="_"> </span>(because<span class="_"> </span>it<span class="_"> </span>do<span class="_ _4"></span>es<span class="_"> </span>not<span class="_"> </span>have<span class="_"> </span>a<span class="_"> </span>chance<span class="_"> </span>to<span class="_"> </span>completely<span class="_"> </span>lock<span class="_"> </span>the</div><div class="t m1e x13 h6 ya8 ff2 fs4 fc0 sc0 ls0 ws0">device),<span class="_"> </span>they<span class="_"> </span>hav<span class="_ _2"></span>e<span class="_"> </span>no<span class="_"> </span>impact<span class="_"> </span>against<span class="_"> </span>clickjacking<span class="_"> </span>attacks<span class="_"> </span>because</div><div class="t m0 x13 h6 ya9 ff2 fs4 fc0 sc0 ls0 ws0">overlaying<span class="_"> </span>these<span class="_"> </span>sensitive<span class="_"> </span>UI<span class="_"> </span>components<span class="_"> </span>is<span class="_"> </span>not<span class="_"> </span>rele<span class="_ _2"></span>vant.</div><div class="t m0 x13 h5 yaa ff3 fs3 fc0 sc0 ls0 ws0">3<span class="_ _d"> </span>CLICKJA<span class="_ _3"></span>CKING<span class="_ _7"> </span>ON<span class="_ _7"> </span>ANDROID</div><div class="t m1d x13 h6 yab ff2 fs4 fc0 sc0 ls0 ws0">This<span class="_"> </span>section<span class="_"> </span>discusses<span class="_"> </span>current<span class="_"> </span>techniques<span class="_"> </span>to<span class="_"> </span>perform<span class="_"> </span>clickjacking</div><div class="t m16 x13 h6 yac ff2 fs4 fc0 sc0 ls0 ws0">on<span class="_"> </span>Android<span class="_"> </span>and<span class="_"> </span>the<span class="_"> </span>security<span class="_"> </span>mechanisms<span class="_"> </span>in<span class="_"> </span>place<span class="_ _5"> </span>to<span class="_"> </span>prevent<span class="_"> 
</span>them.</div><div class="t m0 x13 he yad ff3 fs4 fc0 sc0 ls0 ws0">Traditional<span class="_ _5"> </span>clickjacking<span class="_ _5"> </span>attack.</div><div class="t m5 x34 h6 yad ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_ _5"> </span>essence<span class="_ _7"> </span>of<span class="_ _5"> </span>a<span class="_ _5"> </span>clickjacking</div><div class="t m3 x13 h6 yae ff2 fs4 fc0 sc0 ls0 ws0">attack<span class="_ _6"> </span>is<span class="_ _8"> </span>ab<span class="_ _4"></span>out<span class="_ _8"> </span>confusing<span class="_ _6"> </span>the<span class="_ _6"> </span>user<span class="_ _6"> </span>and<span class="_ _8"> </span>luring<span class="_ _6"> </span>her<span class="_ _6"> </span>to<span class="_ _6"> </span>perform<span class="_ _6"> </span>a<span class="_ _8"> </span>“click”</div><div class="t m6 x13 h6 yaf ff2 fs4 fc0 sc0 ls0 ws0">action<span class="_"> </span>so<span class="_"> </span>that<span class="_"> </span>the<span class="_"> </span>attacker<span class="_"> </span>achieves<span class="_"> </span>her<span class="_"> </span>malicious<span class="_"> </span>goals<span class="_"> </span>(<span class="_ _3"></span>e.g.,<span class="_"> </span>addi-</div><div class="t m5 x13 h6 yb0 ff2 fs4 fc0 sc0 ls0 ws0">tional<span class="_ _5"> </span>permissions<span class="_ _5"> </span>are<span class="_ _5"> </span>granted).<span class="_ _5"> </span>Traditional<span class="_"> </span>clickjacking<span class="_ _5"> </span>attacks,</div><div class="t m21 x13 h6 yb1 ff2 fs4 fc0 sc0 ls0 ws0">introduced<span class="_"> </span>in<span class="_"> </span>[</div><div class="t m0 x35 h6 yb1 ff2 fs4 fc0 sc0 ls0 ws0">17</div><div class="t m21 x36 h6 yb1 ff2 fs4 fc0 sc0 ls0 ws0">],<span class="_"> </span>consist<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>following<span class="_ _6"> </span>steps:<span class="_"> </span>1)<span class="_"> </span>The<span class="_"> </span>attacker</div><div class="t m5 x13 h6 yb2 ff2 fs4 
fc0 sc0 ls0 ws0">creates<span class="_"> </span>an<span class="_"> </span>ov<span class="_ _2"></span>erlay<span class="_"> </span>that<span class="_"> </span>is<span class="_"> </span>fullscreen,<span class="_"> </span>opaque<span class="_ _2"></span>,<span class="_"> </span>and<span class="_"> </span>passthrough;<span class="_"> </span>2)</div><div class="c x11 y46 w2 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">Session 6B: Mobile 1</div></div><div class="c x2e y46 w3 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">CCS’18, October 15-19, 2018, Toronto, ON, Canada</div></div><div class="c x2f y48 w4 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">1121</div></div><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a></div><div class="pi" data-data='{"ctm":[1.568627,0.000000,0.000000,1.568627,0.000000,0.000000]}'></div></div>
<div id="pf3" class="pf w0 h0" data-page-no="3"><div class="pc pc3 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://csdnimg.cn/release/download_crawler_static/12728047/bg3.jpg"><div class="t ma x11 h6 y49 ff2 fs4 fc0 sc0 ls0 ws0">Unbeknownst<span class="_"> </span>to<span class="_"> </span>the<span class="_"> </span>user<span class="_ _3"></span>,<span class="_"> </span>the<span class="_"> </span>attacker<span class="_"> </span>spawns<span class="_"> </span>the<span class="_ _5"> </span>victim<span class="_"> </span>app<span class="_"> </span>(e.g.,</div><div class="t m1a x11 h6 y4a ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>Android<span class="_"> </span>Settings<span class="_"> </span>app)<span class="_"> </span>below<span class="_"> </span>the<span class="_"> </span>opaque<span class="_"> </span>ov<span class="_ _2"></span>erlay;<span class="_"> </span>3)<span class="_"> </span>The<span class="_"> </span>mali-</div><div class="t m22 x11 h6 y80 ff2 fs4 fc0 sc0 ls0 ws0">cious<span class="_"> </span>app<span class="_"> </span>lures<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>to<span class="_"> </span>click<span class="_"> </span>on<span class="_ _6"> </span>a<span class="_"> </span>specic<span class="_"> </span>p<span class="_ _4"></span>oint<span class="_"> </span>on<span class="_"> </span>the<span class="_"> </span>screen;</div><div class="t m11 x11 h6 y81 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>4)<span class="_"> </span>The<span class="_"> </span>click<span class="_"> </span>passes<span class="_"> </span>through<span class="_"> </span>the<span class="_"> </span>opaque<span class="_"> </span>ov<span class="_ _2"></span>erlay<span class="_"> </span>and<span class="_"> </span>reaches<span class="_"> </span>a</div><div class="t m3 x11 h6 y82 ff2 fs4 fc0 sc0 ls0 ws0">security-sensitive<span class="_"> </span>button<span class="_ _6"> </span>beneath<span class="_"> </span>the<span class="_"> 
</span>malicious<span class="_ _6"> </span>app,<span class="_ _6"> </span>at<span class="_"> </span>which<span class="_"> </span>point</div><div class="t m0 x11 h6 y83 ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>attack<span class="_"> </span>is<span class="_"> </span>completed.</div><div class="t m5 x12 h6 y84 ff2 fs4 fc0 sc0 ls0 ws0">While<span class="_"> </span>the<span class="_"> </span>steps<span class="_ _5"> </span>above<span class="_"> </span>focus<span class="_ _5"> </span>on<span class="_"> </span>hijacking<span class="_"> </span>one<span class="_ _5"> </span>single<span class="_"> </span>click,<span class="_ _5"> </span>the</div><div class="t m6 x11 h6 y85 ff2 fs4 fc0 sc0 ls0 ws0">recent<span class="_"> </span>Cloak<span class="_"> </span>&<span class="_"> </span>Dagger<span class="_"> </span>work<span class="_"> </span>[</div><div class="t m0 x37 h6 y85 ff2 fs4 fc0 sc0 ls0 ws0">10</div><div class="t m6 x38 h6 y85 ff2 fs4 fc0 sc0 ls0 ws0">]<span class="_"> </span>showed<span class="_"> </span>how<span class="_"> </span>this<span class="_"> </span>technique<span class="_"> </span>can</div><div class="t m5 x11 h6 yb3 ff2 fs4 fc0 sc0 ls0 ws0">be<span class="_"> </span>easily<span class="_"> </span>extended<span class="_ _5"> </span>to<span class="_"> </span>a<span class="_"> </span>multi-click<span class="_ _5"> </span>scenario:<span class="_"> </span>by<span class="_"> </span>using<span class="_"> </span>a<span class="_ _5"> </span>combina-</div><div class="t m1e x11 h6 yb4 ff2 fs4 fc0 sc0 ls0 ws0">tion<span class="_"> </span>of<span class="_"> </span>ags<span class="_"> </span>when<span class="_"> </span>creating<span class="_"> </span>the<span class="_"> </span>o<span class="_ _2"></span>verlays,<span class="_"> </span>the<span class="_"> </span>attacker<span class="_"> </span>can<span class="_"> </span>cr<span class="_ _2"></span>eate<span class="_"> </span>a</div><div class="t m1d x11 h6 yb5 ff2 fs4 fc0 sc0 ls0 ws0">side-channel<span class="_"> 
</span>to<span class="_"> </span>infer<span class="_"> </span>that<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>has<span class="_"> </span>just<span class="_"> </span>clicked<span class="_"> </span>where<span class="_"> </span>she<span class="_"> </span>was</div><div class="t m5 x11 h6 yb6 ff2 fs4 fc0 sc0 ls0 ws0">supposed<span class="_"> </span>to<span class="_"> </span>click;<span class="_"> </span>up<span class="_ _4"></span>on<span class="_"> </span>the<span class="_"> </span>reception<span class="_"> </span>of<span class="_"> </span>this<span class="_"> </span>“signal,<span class="_ _1"></span>”<span class="_"> </span>it<span class="_"> </span>can<span class="_"> </span>then</div><div class="t m5 x11 h6 yb7 ff2 fs4 fc0 sc0 ls0 ws0">modify<span class="_ _7"> </span>the<span class="_ _5"> </span>on-top<span class="_ _5"> </span>overlays<span class="_ _7"> </span>to<span class="_ _5"> </span>lure<span class="_ _5"> </span>the<span class="_ _7"> </span>user<span class="_ _5"> </span>to<span class="_ _7"> </span>click<span class="_ _5"> </span>on<span class="_ _7"> </span>the<span class="_ _5"> </span>next</div><div class="t m3 x11 h6 yb8 ff2 fs4 fc0 sc0 ls0 ws0">button.<span class="_"> </span>Of<span class="_ _6"> </span>course,<span class="_ _6"> </span>the<span class="_"> </span>higher<span class="_ _6"> </span>the<span class="_"> </span>number<span class="_"> </span>of<span class="_ _6"> </span>clicks<span class="_"> </span>r<span class="_ _2"></span>equired,<span class="_"> </span>the<span class="_ _6"> </span>less</div><div class="t m16 x11 h6 yb9 ff2 fs4 fc0 sc0 ls0 ws0">practical<span class="_"> </span>the<span class="_"> </span>attack<span class="_"> </span>is.<span class="_"> </span>However<span class="_ _3"></span>,<span class="_"> </span>the<span class="_"> </span>authors<span class="_"> </span>of<span class="_"> </span>C&D<span class="_"> </span>work<span class="_"> </span>showed</div><div class="t mc x11 h6 yba ff2 fs4 
fc0 sc0 ls0 ws0">through<span class="_"> </span>a<span class="_"> </span>user<span class="_"> </span>study<span class="_"> </span>that<span class="_"> </span>e<span class="_ _2"></span>ven<span class="_"> </span>an<span class="_"> </span>attack<span class="_"> </span>requiring<span class="_"> </span>thr<span class="_ _2"></span>ee<span class="_"> </span>clicks<span class="_"> </span>is</div><div class="t m0 x11 h6 ybb ff2 fs4 fc0 sc0 ls0 ws0">very<span class="_"> </span>practical.</div><div class="t m0 x11 he ybc ff3 fs4 fc0 sc0 ls0 ws0">Obscured<span class="_ _b"> </span>ag<span class="_ _b"> </span>defense.</div><div class="t m3 x39 h6 ybc ff2 fs4 fc0 sc0 ls0 ws0">T<span class="_ _3"></span>o<span class="_"> </span>protect<span class="_"> </span>from<span class="_"> </span>these<span class="_"> </span>threats,<span class="_"> </span>Google<span class="_"> </span>im-</div><div class="t m5 x11 h6 ybd ff2 fs4 fc0 sc0 ls0 ws0">plemented<span class="_ _7"> </span>a<span class="_ _7"> </span>mechanism<span class="_ _7"> </span>to<span class="_ _7"> </span>allow<span class="_ _7"> </span>apps<span class="_ _7"> </span>(<span class="_ _4"></span>both<span class="_ _7"> </span>Google’s<span class="_ _7"> </span>own<span class="_ _7"> </span>and</div><div class="t m5 x11 h6 ybe ff2 fs4 fc0 sc0 ls0 ws0">third-party<span class="_ _5"> </span>ones)<span class="_ _5"> </span>to<span class="_ _7"> </span>protect<span class="_ _5"> </span>themselves.<span class="_ _5"> </span>This<span class="_ _7"> </span>mechanism,<span class="_ _5"> </span>calle<span class="_ _4"></span>d</div><div class="t m13 x3a h6 ybf ff2 fs4 fc0 sc0 ls0 ws0">“obscur<span class="_ _2"></span>ed<span class="_"> </span>ag,<span class="_ _1"></span>”<span class="_"> </span>works<span class="_"> </span>by<span class="_"> </span>signaling<span class="_ _6"> </span>(via<span class="_"> </span>a<span class="_"> </span>boolean<span class="_"> </span>ag)<span class="_"> </span>to</div><div class="t m0 x3b h11 
ybf ff9 fs4 fc0 sc0 ls0 ws0">Button</div><div class="t m5 x11 h6 yc0 ff2 fs4 fc0 sc0 ls0 ws0">widgets<span class="_"> </span>that,<span class="_"> </span>when<span class="_"> </span>the<span class="_"> </span>click<span class="_"> </span>was<span class="_"> </span>performed,<span class="_"> </span>an<span class="_"> </span>overlay<span class="_"> </span>was<span class="_"> </span>co<span class="_ _2"></span>v-</div><div class="t m23 x11 h6 yc1 ff2 fs4 fc0 sc0 ls0 ws0">ering<span class="_"> </span>(or<span class="_"> </span>“<span class="_ _3"></span>obscuring”)<span class="_"> </span>it,<span class="_"> </span>independently<span class="_"> </span>from<span class="_"> </span>whether<span class="_"> </span>the<span class="_"> </span>on-top</div><div class="t mf x11 h6 yc2 ff2 fs4 fc0 sc0 ls0 ws0">overlay<span class="_"> </span>is<span class="_"> </span>opaque<span class="_"> </span>or<span class="_ _6"> </span>transparent.<span class="_"> </span>This<span class="_"> </span>is<span class="_"> </span>how<span class="_"> </span>the<span class="_"> </span>Android<span class="_"> </span>frame-</div><div class="t m1d x11 h6 yc3 ff2 fs4 fc0 sc0 ls0 ws0">work<span class="_"> </span>signals<span class="_"> </span>to<span class="_"> </span>an<span class="_"> </span>app<span class="_"> </span>the<span class="_"> </span>possibility<span class="_"> </span>of<span class="_"> </span>an<span class="_"> </span>on-going<span class="_"> </span>clickjacking</div><div class="t m3 x11 h6 yc4 ff2 fs4 fc0 sc0 ls0 ws0">attack.<span class="_"> </span>Google<span class="_ _6"> </span>adopted<span class="_"> </span>this<span class="_ _6"> </span>mechanism<span class="_"> </span>to<span class="_ _6"> </span>protect<span class="_"> </span>its<span class="_ _6"> </span>most<span class="_ _6"> </span>sensitive</div><div class="t m0 x11 h6 yc5 ff2 fs4 fc0 sc0 ls0 ws0">Android<span class="_"> </span>apps,<span class="_"> </span>such<span class="_"> </span>as<span class="_"> </span>the<span class="_"> 
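What the obscured-flag defense looks like from the app side, as an added example that is not code from the paper or from ClickShield. The framework sets `MotionEvent.FLAG_WINDOW_IS_OBSCURED` on a touch that passed through another window drawn above the receiving one, whether that window is opaque or transparent; `View.setFilterTouchesWhenObscured(true)` (or `android:filterTouchesWhenObscured="true"` in the layout) makes `View.onFilterTouchEventForSecurity` discard such touches before the click listener ever runs. The class `GuardedButton` and its log tag are hypothetical names chosen here; the flag, method and attribute names are the framework's own. The example also shows why a partial overlay that leaves the button uncovered passes the check, and the later-added flag an app can use to reject that case on Android 10 and newer.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/** Added example (hypothetical, not from the paper): a Button that applies the
 *  obscured-flag defense and reports why a touch was rejected. */
public class GuardedButton extends Button {
    private static final String TAG = "GuardedButton";

    public GuardedButton(Context ctx, AttributeSet attrs) {
        super(ctx, attrs);
        // Same effect as android:filterTouchesWhenObscured="true" in the layout XML:
        // View's default onFilterTouchEventForSecurity then drops any MotionEvent
        // that carries FLAG_WINDOW_IS_OBSCURED.
        setFilterTouchesWhenObscured(true);
    }

    /** The framework calls this before dispatching the event to the view; returning
     *  false discards the touch. Overridden here to log the decision and, on newer
     *  devices, to tighten it. */
    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent ev) {
        int flags = ev.getFlags();

        if ((flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
            // The touch passed through a window that sits above ours, opaque or not:
            // this is the signal the obscured-flag defense is built on.
            Log.w(TAG, "touch rejected: window obscured by an overlay");
            return false;
        }

        // Context-hiding caveat: an overlay covering the whole screen EXCEPT this
        // button never intersects the touch, so FLAG_WINDOW_IS_OBSCURED stays clear
        // and the check above passes. Android 10 (API 29) added
        // FLAG_WINDOW_IS_PARTIALLY_OBSCURED, set when some other window overlaps the
        // receiving window even though the touch itself did not go through it.
        // Rejecting on it closes the context-hiding gap on those devices; it does
        // not exist on the Android 8.0 systems the paper studies.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) {
            Log.w(TAG, "touch rejected: window partially obscured (possible context hiding)");
            return false;
        }

        return super.onFilterTouchEventForSecurity(ev);
    }
}
```

Using `GuardedButton` in place of `Button` for the security-sensitive control is all an app has to do; the click listener is unchanged because filtered events never reach it. The trade-off is the one the paper discusses under current limitations: any benign overlay (a chat-head bubble, a screen-filter app) anywhere over the activity will also trigger the partial-obscured rejection, so a button hardened this way should explain to the user why the tap was ignored rather than fail silently.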
</span>Settings<span class="_"> </span>app.</div><div class="t m0 x11 he yc6 ff3 fs4 fc0 sc0 ls0 ws0">Context-hiding<span class="_ _b"> </span>attack.</div><div class="t m12 x1 h6 yc6 ff2 fs4 fc0 sc0 ls0 ws0">Although<span class="_"> </span>the<span class="_"> </span>obscured<span class="_"> </span>flag<span class="_"> </span>mechanism</div><div class="t m5 x11 h6 yc7 ff2 fs4 fc0 sc0 ls0 ws0">raises<span class="_ _5"> </span>the<span class="_ _5"> </span>bar<span class="_ _5"> </span>for<span class="_ _5"> </span>attacks,<span class="_ _5"> </span>it<span class="_ _5"> </span>was<span class="_ _5"> </span>recently<span class="_ _5"> </span>discovered<span class="_ _5"> </span>to<span class="_ _5"> </span>be<span class="_ _5"> </span>easily</div><div class="t m5 x11 h6 yc8 ff2 fs4 fc0 sc0 ls0 ws0">bypassable,<span class="_"> </span>with<span class="_ _7"> </span>a<span class="_"> </span>te<span class="_ _4"></span>chnique<span class="_ _5"> </span>called<span class="_ _5"> </span>“context-hiding<span class="_"> </span>attack”<span class="_ _5"> </span>[</div><div class="t m0 x3c h6 yc8 ff2 fs4 fc0 sc0 ls0 ws0">10</div><div class="t m5 x3d h6 yc8 ff2 fs4 fc0 sc0 ls0 ws0">].</div><div class="t m5 x11 h6 yc9 ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_ _5"> </span>key<span class="_ _7"> </span>observation<span class="_ _7"> </span>behind<span class="_ _5"> </span>this<span class="_ _7"> </span>technique<span class="_ _5"> </span>is<span class="_ _7"> </span>that<span class="_ _5"> </span>as<span class="_ _7"> </span>long<span class="_ _5"> </span>as<span class="_ _7"> </span>an</div><div class="t m24 x11 h6 yca ff2 fs4 fc0 sc0 ls0 ws0">attacker<span class="_"> </span>can<span class="_"> </span>hide<span class="_"> </span>the<span class="_"> </span>real,<span class="_"> </span>security-sensitive<span class="_"> </span>context<span class="_"> </span>surrounding<span class="_"> </span>a</div><div class="t m3 x11 h6 ycb ff2 fs4 fc0 sc0 ls0 ws0">generic<span class="_"> 
</span>OK<span class="_"> </span>button,<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>easy<span class="_"> </span>to<span class="_"> </span>lure<span class="_"> </span>the<span class="_ _6"> </span>user<span class="_"> </span>to<span class="_"> </span>click<span class="_"> </span>on<span class="_"> </span>it.<span class="_"> </span>Thus,<span class="_"> </span>by</div><div class="t m3 x11 h6 ycc ff2 fs4 fc0 sc0 ls0 ws0">covering<span class="_ _8"> </span>the<span class="_ _6"> </span>entire<span class="_ _6"> </span>screen<span class="_ _6"> </span><span class="ff4">except<span class="_ _b"> </span></span>the<span class="_ _6"> </span>target<span class="_ _6"> </span>OK<span class="_ _6"> </span>button,<span class="_ _6"> </span>the<span class="_ _6"> </span>obscured</div><div class="t m0 x11 h6 ycd ff2 fs4 fc0 sc0 ls0 ws0">flag<span class="_"> </span>defense<span class="_"> </span>can<span class="_"> </span>be<span class="_"> </span>bypassed.</div><div class="t m0 x11 he yce ff3 fs4 fc0 sc0 ls0 ws0">Hide<span class="_ _b"> </span>overlays<span class="_ _b"> </span>defense.</div><div class="t m19 x39 h6 yce ff2 fs4 fc0 sc0 ls0 ws0">Finally<span class="_ _3"></span>,<span class="_"> </span>to<span class="_"> </span>counter<span class="_"> </span>the<span class="_"> </span>threat<span class="_"> </span>of<span class="_"> </span>context-</div><div class="t m21 x11 h6 ycf ff2 fs4 fc0 sc0 ls0 ws0">hiding<span class="_"> </span>attack,<span class="_"> </span>Google<span class="_"> </span>implemented<span class="_"> </span>a<span class="_"> </span>new<span class="_"> </span>defense<span class="_"> </span>mechanism<span class="_"> </span>to</div><div class="t m5 x11 h6 yd0 ff2 fs4 fc0 sc0 ls0 ws0">prevent<span class="_ _5"> </span>it:<span class="_ _7"> </span>in<span class="_ _7"> </span>modern<span class="_ _7"> </span>versions<span class="_ _7"> </span>of<span class="_ _5"> </span>Android<span class="_ _7"> </span>(from<span class="_ _7"> 
</span>Android<span class="_ _5"> </span>7.1.2),</div><div class="t m25 x11 h6 yd1 ff2 fs4 fc0 sc0 ls0 ws0">when<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>browses<span class="_"> </span>to<span class="_"> </span>the<span class="_"> </span>accessibility<span class="_"> </span>ser<span class="_ _4"></span>vice<span class="_"> </span>menu<span class="_"> </span>or<span class="_"> </span>permis-</div><div class="t m9 x11 h6 yd2 ff2 fs4 fc0 sc0 ls0 ws0">sion<span class="_"> </span>settings,<span class="_"> </span><span class="ff4">all<span class="_ _b"> </span>overlays<span class="_ _b"> </span>are<span class="_ _b"> </span>hidden</span>,<span class="_"> </span>thus<span class="_"> </span>removing<span class="_"> </span>the<span class="_"> </span>possibility</div><div class="t m0 x11 h6 yd3 ff2 fs4 fc0 sc0 ls0 ws0">for<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>to<span class="_"> </span>be<span class="_"> </span>confused<span class="_"> </span>(and<span class="_"> </span>for<span class="_"> </span>malware<span class="_"> </span>to<span class="_"> </span>mount<span class="_"> </span>an<span class="_"> </span>attack).</div><div class="t m0 x11 he yd4 ff3 fs4 fc0 sc0 ls0 ws0">Current<span class="_ _8"> </span>Limitations.</div><div class="t m3 x3e h6 yd4 ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_ _8"> </span>“Hide<span class="_ _6"> </span>overlay”<span class="_ _8"> </span>defense<span class="_ _6"> </span>is<span class="_ _6"> </span>very<span class="_ _6"> </span>effective:</div><div class="t m18 x11 h6 yd5 ff2 fs4 fc0 sc0 ls0 ws0">Since<span class="_"> </span>all<span class="_"> </span>the<span class="_"> </span>on-top<span class="_"> </span>overlays<span class="_"> </span>are<span class="_"> </span>hidden,<span class="_"> </span>there<span class="_"> </span>is<span class="_"> </span>no<span class="_"> </span>chance<span class="_"> </span>for<span class="_"> </span>the</div><div class="t m5 x11 h6 
yd6 ff2 fs4 fc0 sc0 ls0 ws0">attacker<span class="_ _7"> </span>to<span class="_ _7"> </span>confuse<span class="_ _7"> </span>the<span class="_ _5"> </span>user<span class="_ _2"></span>,<span class="_ _7"> </span>and,<span class="_ _7"> </span>to<span class="_ _5"> </span>the<span class="_ _7"> </span>best<span class="_ _7"> </span>of<span class="_ _7"> </span>our<span class="_ _7"> </span>knowledge,</div><div class="t m3 x11 h6 yd7 ff2 fs4 fc0 sc0 ls0 ws0">clickjacking<span class="_"> </span>is<span class="_ _6"> </span>thus<span class="_"> </span>pr<span class="_ _2"></span>evented.<span class="_ _6"> </span>However<span class="_ _3"></span>,<span class="_ _6"> </span>this<span class="_"> </span>mechanism<span class="_ _6"> </span>is<span class="_"> </span>very<span class="_"> </span>ag-</div><div class="t m3 x11 h6 yd8 ff2 fs4 fc0 sc0 ls0 ws0">gressive<span class="_"> </span>and,<span class="_ _6"> </span>as<span class="_"> </span>we<span class="_"> </span>will<span class="_"> </span>describe<span class="_"> </span>in<span class="_ _6"> </span>Section<span class="_"> </span>6,<span class="_"> </span>it<span class="_"> </span>has<span class="_"> </span>two<span class="_ _6"> </span>limitations.</div><div class="t m5 x11 h6 yd9 ff2 fs4 fc0 sc0 ls0 ws0">First,<span class="_"> </span>it<span class="_ _5"> </span>is<span class="_ _5"> </span>to<span class="_ _4"></span>o<span class="_"> </span>p<span class="_ _4"></span>owerful<span class="_"> </span>to<span class="_ _5"> </span>be<span class="_ _5"> </span>made<span class="_ _5"> </span>available<span class="_ _5"> </span>to<span class="_ _5"> </span>third-party<span class="_"> </span>apps,</div><div class="t m5 x11 h6 yda ff2 fs4 fc0 sc0 ls0 ws0">which<span class="_ _7"> </span>thus<span class="_ _7"> </span>remain<span class="_ _7"> </span>unprotected.<span class="_ _7"> </span>Second,<span class="_ _9"> </span>it<span class="_ _7"> </span>creates<span class="_ _7"> </span>a<span class="_ _7"> </span>number<span 
class="_ _7"> </span>of</div><div class="t m3 x11 h6 ydb ff2 fs4 fc0 sc0 ls0 ws0">severe<span class="_"> </span>backward<span class="_"> </span>compatibility<span class="_"> </span>issues,<span class="_"> </span>which<span class="_"> </span>would<span class="_"> </span>break<span class="_"> </span>the<span class="_"> </span>main</div><div class="t mc x11 h6 ydc ff2 fs4 fc0 sc0 ls0 ws0">functionality<span class="_"> </span>of<span class="_"> </span>apps<span class="_"> </span>installed<span class="_"> </span>by<span class="_"> </span>millions<span class="_"> </span>of<span class="_"> </span>users.<span class="_"> </span>The<span class="_"> </span>obscur<span class="_ _2"></span>ed</div><div class="t m3 x11 h6 ydd ff2 fs4 fc0 sc0 ls0 ws0">ag<span class="_ _6"> </span>mechanism<span class="_ _6"> </span>is<span class="_ _6"> </span>aected<span class="_"> </span>by<span class="_ _8"> </span>similar<span class="_ _6"> </span>backward<span class="_ _6"> </span>compatibility<span class="_ _6"> </span>issues.</div><div class="t m1c x11 h6 yde ff2 fs4 fc0 sc0 ls0 ws0">It<span class="_"> </span>is<span class="_"> </span>in<span class="_"> </span>fact<span class="_"> </span>not<span class="_"> </span>uncommon<span class="_"> </span>to<span class="_ _5"> </span>read<span class="_"> </span>about<span class="_"> </span>users<span class="_"> </span>puzzled<span class="_"> </span>by<span class="_ _5"> </span>usability</div><div class="t m3 x11 h6 ydf ff2 fs4 fc0 sc0 ls0 ws0">problems<span class="_ _6"> </span>due<span class="_"> </span>to<span class="_ _8"> </span>these<span class="_"> </span>mechanisms<span class="_"> </span>[</div><div class="t m0 x3f h6 ydf ff2 fs4 fc0 sc0 ls0 ws0">27</div><div class="t m3 x40 h6 ydf ff2 fs4 fc0 sc0 ls0 ws0">].<span class="_ _6"> </span>This<span class="_"> </span>aspect<span class="_ _6"> </span>pushed<span class="_"> </span>Google</div><div class="t m5 x11 h6 ye0 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>adopt<span class="_"> 
</span>this<span class="_ _5"> </span>security<span class="_ _5"> </span>mechanism<span class="_"> </span>only<span class="_ _5"> </span>to<span class="_"> </span>protect<span class="_ _5"> </span>the<span class="_"> </span>most<span class="_ _5"> </span>sensi-</div><div class="t m26 x11 h6 ye1 ff2 fs4 fc0 sc0 ls0 ws0">tive<span class="_"> </span>parts<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>Android<span class="_"> </span>system<span class="_"> </span>(<span class="_ _3"></span>such<span class="_"> </span>as<span class="_"> </span>the<span class="_"> </span>p<span class="_ _4"></span>ermission<span class="_"> </span>granting</div><div class="t m1a x13 h6 y49 ff2 fs4 fc0 sc0 ls0 ws0">popups),<span class="_"> </span>leaving<span class="_"> </span>many<span class="_"> </span>sensitive<span class="_"> </span>Google-owned<span class="_"> </span>apps<span class="_"> </span>(such<span class="_"> </span>as<span class="_ _6"> </span>the</div><div class="t m0 x13 h6 y4a ff2 fs4 fc0 sc0 ls0 ws0">Google<span class="_"> </span>Play<span class="_"> </span>Store<span class="_"> </span>app)<span class="_"> </span>completely<span class="_"> </span>unprotected.</div><div class="t m0 x13 h5 ye2 ff3 fs3 fc0 sc0 ls0 ws0">4<span class="_ _d"> </span>NEW<span class="_ _5"> </span>A<span class="_ _3"></span>T<span class="_ _c"></span>T<span class="_ _3"></span>A<span class="_ _2"></span>CK<span class="_ _5"> </span>SCENARIOS</div><div class="t m5 x13 h6 ye3 ff2 fs4 fc0 sc0 ls0 ws0">This<span class="_ _7"> </span>se<span class="_ _4"></span>ction<span class="_ _7"> </span>discusses<span class="_ _9"> </span>known<span class="_ _9"> </span>and<span class="_ _7"> </span>several<span class="_ _9"> </span>previously<span class="_ _7"> </span>unknown</div><div class="t m5 x13 h6 ye4 ff2 fs4 fc0 sc0 ls0 ws0">clickjacking<span class="_"> </span>attack<span class="_"> </span>scenarios.<span class="_ _5"> </span>The<span class="_"> </span>feasibility<span 
class="_"> </span>of<span class="_ _5"> </span>these<span class="_"> </span>attacks<span class="_"> </span>has</div><div class="t m5 x13 h6 ye5 ff2 fs4 fc0 sc0 ls0 ws0">been<span class="_ _7"> </span>tested<span class="_ _5"> </span>on<span class="_ _7"> </span>a<span class="_ _5"> </span>fully<span class="_ _7"> </span>updated<span class="_ _5"> </span>Nexus<span class="_ _5"> </span>5X<span class="_ _7"> </span>running<span class="_ _5"> </span>the<span class="_ _7"> </span>latest<span class="_ _5"> </span>ver-</div><div class="t m27 x13 h6 ye6 ff2 fs4 fc0 sc0 ls0 ws0">sion<span class="_"> </span>of<span class="_"> </span>Android<span class="_"> </span>(8.0)<span class="_"> </span>available<span class="_"> </span>at<span class="_"> </span>the<span class="_"> </span>time<span class="_"> </span>of<span class="_"> </span>writing.<span class="_"> </span>For<span class="_"> </span>the<span class="_ _6"> </span>sake</div><div class="t m13 x13 h6 ye7 ff2 fs4 fc0 sc0 ls0 ws0">of<span class="_"> </span>completeness,<span class="_"> </span>we<span class="_"> </span>include<span class="_"> </span>in<span class="_ _6"> </span>this<span class="_"> </span>discussion<span class="_"> </span>previously<span class="_"> </span>known</div><div class="t m5 x13 h6 ye8 ff2 fs4 fc0 sc0 ls0 ws0">examples<span class="_"> </span>that<span class="_"> </span>are<span class="_"> </span>no<span class="_ _2"></span>w<span class="_"> </span>prev<span class="_ _2"></span>ented<span class="_"> </span>by<span class="_"> </span>currently<span class="_"> </span>deployed<span class="_"> </span>security</div><div class="t m4 x13 h6 ye9 ff2 fs4 fc0 sc0 ls0 ws0">mechanisms.<span class="_"> </span>The<span class="_"> </span>list<span class="_"> </span>of<span class="_"> </span>attacks,<span class="_"> </span>their<span class="_"> </span>feasibility<span class="_ _3"></span>,<span class="_"> </span>and<span class="_"> </span>their<span class="_ _5"> </span>novelty</div><div class="t m0 x13 h6 yea ff2 fs4 
fc0 sc0 ls0 ws0">are<span class="_"> </span>systematized<span class="_"> </span>in<span class="_"> </span>T<span class="_ _3"></span>able<span class="_"> </span>2,<span class="_"> </span>in<span class="_"> </span>the<span class="_"> </span>Appendix.</div><div class="t m5 x1e h6 yeb ff2 fs4 fc0 sc0 ls0 ws0">Previous<span class="_ _5"> </span>works<span class="_ _7"> </span>have<span class="_ _5"> </span>shown<span class="_ _5"> </span>how<span class="_ _7"> </span>clickjacking<span class="_ _5"> </span>can<span class="_ _7"> </span>be<span class="_ _7"> </span>used<span class="_ _5"> </span>to</div><div class="t m3 x13 h6 yec ff2 fs4 fc0 sc0 ls0 ws0">lure<span class="_ _6"> </span>the<span class="_"> </span>user<span class="_ _6"> </span>to<span class="_"> </span>unknowingly<span class="_ _6"> </span>grant<span class="_"> </span>additional<span class="_ _6"> </span>permissions<span class="_"> </span>(e<span class="_ _2"></span>.g.,<span class="_"> </span>the</div><div class="t m3 x41 h6 yed ff2 fs4 fc0 sc0 ls0 ws0">“location”<span class="_"> </span>permission)<span class="_ _6"> </span>or<span class="_"> </span>even<span class="_ _6"> </span>to<span class="_"> </span>enable<span class="_ _6"> </span>an<span class="_"> </span>accessibility<span class="_"> </span>service,<span class="_ _6"> </span>which<span class="_"> </span>has<span class="_"> </span>been<span class="_"> </span>shown</div><div class="t m28 x13 h6 yee ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>be<span class="_"> </span>enough<span class="_"> </span>to<span class="_"> </span>fully<span class="_ _5"> </span>compromise<span class="_"> </span>the<span class="_"> </span>device<span class="_"> </span>[</div><div class="t m0 x42 h6 yee ff2 fs4 fc0 sc0 ls0 ws0">10</div><div class="t m28 x43 h6 yee ff2 fs4 fc0 sc0 ls0 ws0">].<span class="_"> </span>Google<span class="_"> </span>has<span class="_"> </span>now</div><div class="t m5 x13 h6 yef ff2 fs4 fc0 sc0 ls0 ws0">fixed<span class="_ _5"> </span>these<span class="_ _5"> </span>attacks<span class="_ _5"> </span>by<span class="_"> </span>implementing<span class="_ _5"> </span>the<span class="_ _5"> </span>“hide<span class="_ _5"> </span>overlays”<span class="_ _5"> </span>defense</div><div class="t m0 x13 h6 yf0 ff2 fs4 fc0 sc0 ls0 ws0">mechanism.</div><div class="t m22 x1e h6 yf1 ff2 fs4 fc0 sc0 ls0 ws0">Another<span class="_"> </span>related<span class="_"> </span>work<span class="_"> </span>[</div><div class="t m0 x44 h6 yf1 ff2 fs4 fc0 sc0 ls0 ws0">29</div><div class="t m22 x45 h6 yf1 ff2 fs4 fc0 sc0 ls0 ws0">]<span class="_"> </span>has<span class="_"> </span>shown<span class="_"> </span>how<span class="_"> </span>clickjacking<span class="_"> </span>can<span class="_"> </span>be</div><div class="t m11 x13 h6 yf2 ff2 fs4 fc0 sc0 ls0 ws0">used<span class="_"> </span>to<span class="_"> </span>bypass<span class="_"> </span>several<span class="_"> </span>permissions,<span class="_"> </span>such<span class="_"> </span>as<span class="_"> </span>capturing<span class="_"> </span>images<span class="_"> </span>and</div><div class="t mc x13 h6 yf3 ff2 fs4 fc0 sc0 ls0 ws0">videos<span class="_"> </span>(T<span class="_ _3"></span>arget<span class="_"> </span>App<span class="_"> </span>(T<span class="_ _3"></span>A):<span class="_"> </span>Camera<span class="_"> </span>app),<span class="_"> </span>getting<span class="_"> </span>access<span class="_"> </span>to<span class="_"> </span>contacts</div><div class="t m5 x13 h6 yf4 ff2 fs4 fc0 sc0 ls0 ws0">(T<span class="_ _3"></span>A:<span class="_ _5"> </span>Contact<span class="_ _5"> </span>app),<span class="_ _5"> </span>recording<span class="_ _5"> </span>sound<span class="_ _5"> </span>(TA:<span class="_"> </span>SoundRecorder),<span class="_"> </span>sending<span class="_ _5"> </span>text</div><div class="t m9 x13 h6 yf5 ff2 fs4 fc0 sc0 ls0 ws0">messages<span class="_"> </span>(T<span class="_ _3"></span>A:<span class="_"> </span>Messaging<span class="_"> </span>app),<span class="_"> </span>or<span class="_"> </span>even<span class="_"> </span>installing<span class="_"> </span>and<span class="_"> </span>uninstalling</div><div class="t m5 x13 h6 yf6 ff2 fs4 fc0 sc0 ls0 ws0">third-party<span class="_ _9"> </span>apps<span class="_ _e"> </span>(T<span class="_ _3"></span>A:<span class="_ _e"> </span>Package<span class="_ _9"> </span>Installer).<span class="_ _9"> </span>Among<span class="_ _e"> </span>these,<span class="_ _9"> </span>attacks</div><div class="t m5 x13 h6 yf7 ff2 fs4 fc0 sc0 ls0 ws0">against<span class="_"> </span>the<span class="_"> </span>Package<span class="_"> </span>Installer<span class="_"> </span>are<span class="_"> </span>now<span class="_"> </span>pr<span class="_ _2"></span>otected<span class="_"> </span>via<span class="_"> </span>the<span class="_"> </span>obscured</div><div class="t m5 x13 h6 yf8 ff2 fs4 fc0 sc0 ls0 ws0">flag<span class="_ _7"> </span>mechanism.<span class="_ _7"> </span>However<span class="_ _3"></span>,<span class="_ _7"> </span>even<span class="_ _7"> </span>this<span class="_ _7"> </span>last<span class="_ _7"> </span>case<span class="_ _7"> </span>is<span class="_ _7"> </span>still<span class="_ _7"> </span>vulnerable</div><div class="t m5 x13 h6 yf9 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>the<span class="_"> </span>context-hiding<span class="_"> </span>attack.<span class="_"> </span>A<span class="_ _2"></span>ccording<span class="_"> </span>to<span class="_"> </span>our<span class="_"> </span>tests,<span class="_"> </span>all<span class="_ _6"> </span>the<span class="_"> </span>other</div><div class="t m5 x13 h6 yfa ff2 fs4 fc0 sc0 ls0 ws0">attack<span class="_ _5"> </span>vectors<span class="_ _5"> </span>are<span class="_"> </span>still<span class="_ _7"> </span>practical<span class="_"> </span>on<span class="_ _5"> </span>the<span class="_ _7"> </span>latest<span class="_"> </span>version<span class="_ _5"> </span>of<span class="_ _5"> </span>Android.</div><div class="t m1e x13 h6 yfb ff2 fs4 fc0 sc0 ls0 ws0">This<span class="_"> </span>is<span class="_"> </span>particularly<span class="_"> </span>worrisome<span class="_"> </span>when<span class="_"> </span>considering<span class="_"> </span>that<span class="_ _6"> </span>this<span class="_"> </span>related</div><div class="t m0 x13 h6 yfc ff2 fs4 fc0 sc0 ls0 ws0">work<span class="_"> </span>was<span class="_"> </span>published<span class="_"> </span>two<span class="_"> </span>years<span class="_"> </span>ago,<span class="_"> </span>in<span class="_"> </span>mid-2016.</div><div class="t m5 x1e h6 yfd ff2 fs4 fc0 sc0 ls0 ws0">In<span class="_ _7"> </span>this<span class="_ _5"> </span>paper<span class="_ _7"> </span>we<span class="_ _7"> </span>explore<span class="_ _5"> </span>additional<span class="_ _7"> </span>attack<span class="_ _7"> </span>scenarios,<span class="_ _5"> </span>and<span class="_ _7"> </span>our</div><div class="t m0 x13 h6 yfe ff2 fs4 fc0 sc0 ls0 ws0">findings<span class="_"> </span>are<span class="_"> </span>alarming.</div><div class="t m0 x13 he yff ff3 fs4 fc0 sc0 ls0 ws0">Google<span class="_ _5"> </span>Play<span class="_ _5"> </span>Store<span class="_ _5"> </span>app.</div><div class="t m5 x46 h6 yff ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_"> </span>found<span class="_"> </span>that<span class="_ _5"> </span>even<span class="_"> </span>Google’s<span class="_"> </span>own<span class="_ _5"> </span>Play</div><div class="t m7 x13 h6 y100 ff2 fs4 fc0 sc0 ls0 ws0">Store<span class="_"> </span>app<span class="_"> </span>is<span class="_"> </span>vulnerable<span class="_"> </span>even<span class="_"> </span>to<span class="_"> </span>traditional<span class="_"> </span>clickjacking</div><div class="t mb x13 h6 y101 ff2 fs4 fc0 sc0 ls0 ws0">attacks.<span class="_"> </span>In<span class="_"> </span>fact,<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>not<span class="_"> </span>even<span class="_"> </span>protected<span class="_"> </span>by<span class="_"> </span>the<span class="_"> </span>obscured<span class="_"> </span>flag<span class="_"> </span>mech-</div><div class="t m5 x13 h6 y102 ff2 fs4 fc0 sc0 ls0 ws0">anism,<span class="_ _7"> </span>making<span class="_ _7"> </span>its<span class="_ _7"> </span>exploitation<span class="_ _7"> </span>trivial.<span class="_ _7"> </span>This<span class="_ _7"> </span>is<span class="_ _7"> </span>problematic<span class="_ _7"> </span>since</div><div class="t m26 x13 h6 y103 ff2 fs4 fc0 sc0 ls0 ws0">this<span class="_"> </span>app<span class="_"> </span>has<span class="_"> </span>the<span class="_"> </span>capability<span class="_"> </span>of<span class="_"> </span>installing,<span class="_"> </span>uninstalling,<span class="_"> </span>and<span class="_"> </span>opening</div><div class="t m0 x13 h6 y104 ff2 fs4 fc0 sc0 ls0 ws0">arbitrary<span class="_"> </span>apps<span class="_"> </span>installed<span class="_"> </span>from<span class="_"> </span>the<span class="_"> </span>Play<span class="_"> </span>Store.</div><div class="t m3 x1e h6 y105 ff2 fs4 fc0 sc0 ls0 ws0">An<span class="_ _6"> </span>attacker<span class="_ _6"> </span>can<span class="_ _6"> </span>cause<span class="_ _6"> </span>the<span class="_ _6"> </span>Play<span class="_ _6"> </span>Store<span class="_ _6"> </span>app<span class="_ _6"> </span>to<span class="_ _6"> </span>open<span class="_ _6"> </span>and<span class="_ _6"> </span>“browse<span class="_ _3"></span>”<span class="_"> </span>to</div><div class="t m3 x13 h6 y106 ff2 fs4 fc0 sc0 ls0 ws0">an<span class="_"> </span>attacker-chosen<span class="_"> </span>app<span class="_"> </span>by<span class="_"> </span>sending<span class="_"> </span>an<span class="_"> </span>A<span class="_ _2"></span>CTION_<span class="_ _3"></span>VIEW<span class="_"> </span>Intent<span class="_"> </span>and<span class="_"> </span>a</div><div class="t m3 x13 h6 y107 ff2 fs4 fc0 sc0 ls0 ws0">URI<span class="_ _8"> </span>with<span class="_ _6"> </span>the</div><div class="t m0 x47 h11 y107 ff9 fs4 fc0 sc0 ls0 ws0">market://</div><div class="t m3 x48 h6 y107 ff2 fs4 fc0 sc0 ls0 ws0">scheme<span class="_ _8"> </span>(e.g.,</div><div class="t m0 x49 h11 y107 ff9 fs4 fc0 sc0 ls0 ws0">market://details?id=mal-</div><div class="t m0 x13 h11 y108 ff9 fs4 fc0 sc0 ls0 ws0">icious.com</div><div class="t m5 x14 h6 y108 ff2 fs4 fc0 sc0 ls0 ws0">).<span class="_"> </span>If<span class="_"> </span>the<span class="_"> </span>app<span class="_"> </span>is<span class="_"> </span>not<span class="_"> </span>installed,<span class="_"> </span>the<span class="_"> </span>Play<span class="_"> </span>Store<span class="_"> </span>will<span class="_"> </span>show<span class="_ _3"></span>,</div><div class="t m13 x13 h6 y109 ff2 fs4 fc0 sc0 ls0 ws0">in<span class="_"> </span>its<span class="_"> </span>first<span class="_"> </span>activity<span class="_ _3"></span>,<span class="_"> </span>the<span class="_"> </span>“Install<span class="_"> </span>App<span class="_ _3"></span>”<span class="_"> </span>button,<span class="_"> </span>making<span class="_"> </span>it<span class="_"> </span>possible<span class="_"> </span>to</div><div class="t m11 x13 h6 y10a ff2 fs4 fc0 sc0 ls0 ws0">install<span class="_"> </span>an<span class="_"> </span>arbitrary<span class="_"> </span>app<span class="_"> </span>from<span class="_"> </span>the<span class="_"> </span>Play<span class="_"> </span>Store<span class="_"> </span>by<span class="_"> </span>hijacking<span class="_"> </span><span class="ff4">one<span class="_ _5"> </span></span>click.</div><div class="t m5 x13 h6 y10b ff2 fs4 fc0 sc0 ls0 ws0">After<span class="_ _7"> </span>the<span class="_ _7"> </span>app<span class="_ _7"> </span>is<span class="_ _7"> </span>installe<span class="_ _4"></span>d,<span class="_ _7"> </span>the<span class="_ _7"> </span>malicious<span class="_ _7"> </span>app<span class="_ _7"> </span>can<span class="_ _9"> </span>send<span class="_
_7"> </span>the<span class="_ _7"> </span>same</div><div class="t m23 x13 h6 y10c ff2 fs4 fc0 sc0 ls0 ws0">Intent:<span class="_"> </span>this<span class="_"> </span>time,<span class="_"> </span>since<span class="_"> </span>the<span class="_"> </span>app<span class="_"> </span>is<span class="_ _6"> </span>already<span class="_"> </span>installed,<span class="_"> </span>the<span class="_"> </span>Play<span class="_"> </span>Store</div><div class="t m20 x13 h6 y10d ff2 fs4 fc0 sc0 ls0 ws0">app<span class="_"> </span>will<span class="_"> </span>show<span class="_"> </span>an<span class="_"> </span>“open<span class="_"> </span>app<span class="_ _2"></span>”<span class="_"> </span>button.<span class="_"> </span>Thus,<span class="_"> </span>by<span class="_"> </span>hijacking<span class="_"> </span>two<span class="_"> </span>clicks</div><div class="t m3 x13 h6 y10e ff2 fs4 fc0 sc0 ls0 ws0">only<span class="_ _3"></span>,<span class="_ _6"> </span>an<span class="_ _6"> </span>attacker<span class="_ _6"> </span>can<span class="_ _8"> </span>install<span class="_"> </span>and<span class="_ _8"> </span>open<span class="_ _6"> </span>an<span class="_ _6"> </span>arbitrary<span class="_"> </span>app<span class="_ _8"> </span>from<span class="_ _6"> </span>the<span class="_ _6"> </span>Play</div><div class="t m5 x13 h6 y10f ff2 fs4 fc0 sc0 ls0 ws0">Store.<span class="_"> </span>T<span class="_ _3"></span>o<span class="_"> </span>make<span class="_ _5"> </span>things<span class="_ _5"> </span>worse,<span class="_"> </span>we<span class="_"> </span>have<span class="_ _5"> </span>found<span class="_ _5"> </span>that<span class="_"> </span>if<span class="_ _5"> </span>the<span class="_ _5"> </span>attacker-</div><div class="t m10 x13 h6 y110 ff2 fs4 fc0 sc0 ls0 ws0">chosen<span class="_"> </span>app<span class="_"> </span>targets<span class="_"> </span>an<span class="_"> </span>old<span class="_"> </span>Android<span class="_"> </span>SDK,<span class="_"> </span>the<span class="_"> 
</span>full<span class="_"> </span>list<span class="_"> </span>of<span class="_"> </span>permissions</div><div class="t m3 x13 h6 y111 ff2 fs4 fc0 sc0 ls0 ws0">is<span class="_"> </span>shown<span class="_"> </span>to<span class="_"> </span>the<span class="_ _6"> </span>user<span class="_"> </span>at<span class="_"> </span>install-time<span class="_"> </span>(in<span class="_"> </span>contrast<span class="_"> </span>to<span class="_ _6"> </span>the<span class="_"> </span>current</div><div class="t m1f x13 h6 y112 ff2 fs4 fc0 sc0 ls0 ws0">runtime<span class="_"> </span>permission<span class="_"> </span>model).<span class="_"> </span>Unfortunately<span class="_ _3"></span>,<span class="_"> </span>we<span class="_"> </span>have<span class="_"> </span>found<span class="_"> </span>that</div><div class="t m5 x13 h6 y113 ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_ _5"> </span>“OK”<span class="_ _5"> </span>button<span class="_ _5"> </span>to<span class="_ _5"> </span>confirm<span class="_ _5"> </span>these<span class="_ _5"> </span>p<span class="_ _4"></span>ermissions<span class="_ _5"> </span>is<span class="_ _5"> </span>also<span class="_ _5"> </span>vulnerable</div><div class="t m26 x13 h6 y114 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>clickjacking.<span class="_"> </span>In<span class="_"> </span>summary<span class="_ _3"></span>,<span class="_"> </span>by<span class="_"> </span>hijacking<span class="_"> </span>three<span class="_"> </span>clicks,<span class="_"> </span>an<span class="_"> </span>attacker</div><div class="t m5 x13 h6 y115 ff2 fs4 fc0 sc0 ls0 ws0">can<span class="_ _5"> </span>lure<span class="_ _7"> </span>the<span class="_ _5"> </span>user<span class="_ _5"> </span>to<span class="_ _7"> </span>install<span class="_ _5"> </span>an<span class="_ _7"> </span>arbitrary<span class="_ _7"> </span>app<span class="_ _5"> </span>from<span class="_ _5"> </span>the<span class="_ _7">
</span>store<span class="_ _5"> </span>with</div><div class="t m0 x13 h6 y116 ff2 fs4 fc0 sc0 ls0 ws0">arbitrary<span class="_"> </span>permissions.</div><div class="c x11 y46 w2 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">Session 6B: Mobile 1</div></div><div class="c x2e y46 w3 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">CCS’18, October 15-19, 2018, Toronto, ON, Canada</div></div><div class="c x2f y48 w5 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">1122</div></div><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a></div><div class="pi" data-data='{"ctm":[1.568627,0.000000,0.000000,1.568627,0.000000,0.000000]}'></div></div>
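<p>Worked example, added by the editor and not code from the paper, from Google, or from any of the apps named above. It shows the "obscured flag" mechanism that the section says protects the Package Installer but not the Play Store, applied to a hypothetical activity whose single sensitive button stands in for the Play Store's "Install App". The button discards touches that reached it through another app's window, both via the framework's <code>filterTouchesWhenObscured</code> setting and by inspecting the <code>MotionEvent</code> flags directly (including the API 29 "partially obscured" flag, which also catches an overlay that leaves a hole over the button). The last helper builds the <code>ACTION_VIEW</code> + <code>market://</code> Intent the text describes; <code>malicious.com</code> is the paper's placeholder package id, and the class and method names are the editor's own.</p>

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/**
 * Hypothetical activity with one sensitive one-tap action, hardened with
 * Android's "obscured flag" mechanism. Added example; names are the editor's.
 */
public class SensitiveActionActivity extends Activity {
    private static final String TAG = "ObscuredCheck";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Button install = new Button(this);
        install.setText("Install App");

        // 1. Framework-level filter (API 9+): the View itself drops any touch
        //    carrying FLAG_WINDOW_IS_OBSCURED, i.e. a touch that passed through
        //    another app's window (an overlay) before reaching us. Same effect
        //    as android:filterTouchesWhenObscured="true" in the layout XML.
        install.setFilterTouchesWhenObscured(true);

        // 2. Explicit check, so the decision is visible and loggable and so the
        //    API 29 "partially obscured" flag is honoured too. Returning true
        //    consumes the event, so the click handler never fires for it.
        install.setOnTouchListener((v, ev) -> {
            if (ev.getAction() == MotionEvent.ACTION_DOWN && isTouchObscured(ev)) {
                Log.w(TAG, "Touch rejected: this window is covered by another app");
                return true;
            }
            return false;
        });

        install.setOnClickListener(v -> performSensitiveAction());
        setContentView(install);
    }

    /** True if the system marked this touch as crossing another window. */
    static boolean isTouchObscured(MotionEvent ev) {
        int flags = ev.getFlags();
        if ((flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
            return true;
        }
        // FLAG_WINDOW_IS_OBSCURED is only set when the touch point itself lies
        // under another window. An overlay that covers the screen but leaves a
        // hole over this button does not trip it; since API 29 the system also
        // reports that an overlay covers part of the window at all.
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
    }

    private void performSensitiveAction() {
        Log.i(TAG, "Sensitive action performed by an unobscured tap");
    }

    /**
     * The Intent the section describes for steering the Play Store to an
     * attacker-chosen listing: an implicit ACTION_VIEW on a market:// URI.
     * The Play Store then shows "Install App" (or "Open" if already installed).
     */
    static Intent playStoreListingIntent(String packageId) {
        // "malicious.com" is the placeholder id used in the paper's example.
        return new Intent(Intent.ACTION_VIEW, Uri.parse("market://details?id=" + packageId));
    }
}
```

<p>Two caveats follow directly from the section. First, as it notes for the Package Installer, this check only rejects a tap while an overlay is actually present, so it does nothing against the context-hiding variant, in which the decoy is removed an instant before the real tap lands. Second, the check only protects the window that performs it: a sensitive app that omits it (the Play Store, Gmail, WhatsApp and Signal in the authors' tests) gains nothing from the caller's hygiene.</p>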
<div id="pf4" class="pf w0 h0" data-page-no="4"><div class="pc pc4 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://csdnimg.cn/release/download_crawler_static/12728047/bg4.jpg"><div class="t m0 x11 he y49 ff3 fs4 fc0 sc0 ls0 ws0">Chrome<span class="_ _b"> </span>Browser<span class="_ _3"></span>.</div><div class="t m17 x2 h6 y49 ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_"> </span>mobile<span class="_"> </span>version<span class="_"> </span>of<span class="_"> </span>Chrome<span class="_"> </span>Browser<span class="_"> </span>is<span class="_"> </span>vul-</div><div class="t m3 x11 h6 y4a ff2 fs4 fc0 sc0 ls0 ws0">nerable<span class="_"> </span>as<span class="_"> </span>well.<span class="_"> </span>An<span class="_"> </span>attacker<span class="_"> </span>can<span class="_ _5"> </span>simply<span class="_"> </span>open<span class="_"> </span>an<span class="_"> </span>arbitrar<span class="_ _4"></span>y<span class="_"> </span>webpage</div><div class="t m3 x11 h6 y80 ff2 fs4 fc0 sc0 ls0 ws0">by<span class="_ _6"> </span>sending<span class="_"> </span>an<span class="_ _6"> </span>A<span class="_ _3"></span>CTION_<span class="_ _3"></span>VIEW<span class="_"> </span>specifying<span class="_ _6"> </span>the<span class="_"> </span>target<span class="_ _6"> </span>webpage<span class="_ _2"></span>’s<span class="_ _6"> </span>URL</div><div class="t m3 x11 h6 y81 ff2 fs4 fc0 sc0 ls0 ws0">as<span class="_ _6"> </span>data.<span class="_ _6"> </span>If<span class="_ _6"> </span>the<span class="_ _6"> </span>user<span class="_ _6"> </span>is<span class="_ _6"> </span>logged<span class="_"> </span>in<span class="_ _8"> </span>to<span class="_"> </span>the<span class="_ _8"> </span>target<span class="_ _6"> </span>site,<span class="_ _6"> </span>the<span class="_ _6"> </span>attacker<span class="_ _6"> </span>can<span class="_ _6"> </span>use</div><div class="t m3 x11 h6 y82 ff2 fs4 fc0 sc0 ls0 ws0">clickjacking<span class="_"> </span>to<span class="_"> </span>implement<span 
class="_"> </span>traditional<span class="_"> </span>web<span class="_"> </span>clickjacking<span class="_"> </span>attacks<span class="_"> </span>(e.g.,</div><div class="t m5 x11 h6 y83 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_ _7"> </span>click<span class="_ _7"> </span>on<span class="_ _7"> </span>Facebook’s<span class="_ _7"> </span>likes),<span class="_ _7"> </span>bypassing<span class="_ _5"> </span>all<span class="_ _7"> </span>mo<span class="_ _4"></span>dern<span class="_ _7"> </span>web-r<span class="_ _2"></span>elated</div><div class="t m0 x11 h6 y84 ff2 fs4 fc0 sc0 ls0 ws0">defense<span class="_"> </span>mechanisms<span class="_"> </span>(such<span class="_"> </span>as<span class="_"> </span>frame<span class="_"> </span>busting,<span class="_"> </span>X-Frame-Options,<span class="_"> </span>and<span class="_"> </span>CSP<span class="_"> </span>frame-ancestors): these only govern framing, whereas here the target page is loaded as the top-level document and the overlay is an Android window, not an iframe.</div><div class="t m0 x11 he y117 ff3 fs4 fc0 sc0 ls0 ws0">Gmail.</div><div class="t m3 x4a h6 y117 ff2 fs4 fc0 sc0 ls0 ws0">Google’s<span class="_ _a"> </span>Gmail<span class="_ _8"> </span>app<span class="_ _8"> </span>is<span class="_ _8"> </span>vulnerable.<span class="_ _8"> </span>By<span class="_ _8"> </span>using<span class="_ _8"> </span>an<span class="_ _8"> </span>ACTION_SEND</div><div class="t m2 x11 h6 y118 ff2 fs4 fc0 sc0 ls0 ws0">Intent,<span class="_"> </span>setting</div><div class="t m0 x4b h11 y118 ff9 fs4 fc0 sc0 ls0 ws0">com.google.android.gm</div><div class="t m2 x4c h6 y118 ff2 fs4 fc0 sc0 ls0 ws0">as<span class="_"> </span>the<span class="_"> </span>target<span class="_"> </span>package,<span class="_"> </span>and</div><div class="t m3 x11 h6 y119 ff2 fs4 fc0 sc0 ls0 ws0">setting<span class="_ _8"> </span>the<span class="_ _8"> </span>EXTRA_EMAIL,<span class="_ _8"> </span>EXTRA_SUBJECT<span class="_ _3"></span>,<span class="_ _8"> </span>and<span class="_ _8"> </span>EXTRA_<span class="_ _3"></span>TEXT</div><div class="t mb x11 h6 y11a ff2 fs4 fc0 sc0 ls0 ws0">extra<span class="_"> </span>fields,<span class="_"> </span>an<span class="_"> </span>attacker<span class="_"> </span>can<span class="_"> </span>spawn<span class="_"> </span>the<span class="_"> </span>Gmail<span class="_"> </span>app<span class="_"> </span>with<span class="_"> </span>a<span class="_"> </span>pre-filled</div><div class="t m5 x11 h6 y11b ff2 fs4 fc0 sc0 ls0 ws0">email<span class="_"> </span>(including<span class="_"> </span>the<span class="_ _5"> </span>T<span class="_ _3"></span>o:,<span class="_"> </span>Subject:,<span class="_ _5"> </span>and<span class="_"> </span>content<span class="_ _5"> </span>of<span class="_"> </span>the<span class="_"> </span>email).<span class="_ _5"> </span>The</div><div class="t m8 x11 h6 y11c ff2 fs4 fc0 sc0 ls0 ws0">attacker<span class="_"> </span>can<span class="_"> </span>then<span class="_"> </span>hijack<span class="_"> </span>a<span class="_"> </span>click<span class="_"> </span>on<span class="_"> </span>the<span class="_"> </span>“Send”<span class="_"> </span>button,<span class="_"> </span>with<span class="_"> </span>the<span class="_ _6"> </span>net</div><div class="t m5 x11 h6 y11d ff2 fs4 fc0 sc0 ls0 ws0">effect<span class="_"> </span>of<span class="_"> </span>being<span class="_"> </span>able<span class="_"> </span>to<span class="_"> </span>send<span class="_"> </span>emails<span class="_"> </span>on<span class="_"> </span>behalf<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>victim,<span class="_"> </span>which</div><div class="t m0 x11 h6 y11e ff2 fs4 fc0 sc0 ls0 ws0">could<span class="_"> </span>be<span class="_"> </span>useful<span class="_"> </span>to<span class="_"> </span>mount<span class="_"> </span>social<span class="_"> </span>engineering<span class="_"> </span>and<span class="_"> </span>targete<span class="_ _4"></span>d<span class="_"> </span>attacks.</div><div class="t m0 x3a he y11f ff3 fs4 fc0 sc0 ls0 ws0">WhatsApp<span class="_ _8"> </span>and<span class="_ _8"> </span>Signal.</div><div class="t m3 x4d h6 y11f ff2 fs4 fc0 sc0 ls0 ws0">These<span class="_ _8"> </span>applications<span class="_ _8"> </span>are<span class="_ _8"> </span>very<span class="_ _8"> </span>popular<span class="_ _8"> </span>among</div><div class="t m3 x11 h6 y120 ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>Instant<span class="_ _8"> </span>Messaging<span class="_"> </span>(IM)<span class="_"> </span>apps:<span class="_ _8"> </span>WhatsApp<span class="_"> </span>is<span class="_"> </span>one<span class="_ _8"> </span>of<span class="_"> </span>the<span class="_"> </span>most<span class="_ _8"> </span>use<span class="_ _4"></span>d</div><div class="t me x11 h6 y121 ff2 fs4 fc0 sc0 ls0 ws0">messaging<span class="_"> </span>applications<span class="_"> </span>across<span class="_"> </span>Android<span class="_"> </span>users,<span class="_"> </span>while<span class="_"> </span>Signal<span class="_"> </span>is<span class="_"> </span>consid-</div><div class="t m3 x11 h6 y122 ff2 fs4 fc0 sc0 ls0 ws0">ered<span class="_ _8"> </span>the<span class="_ _6"> </span>de<span class="_"> </span>facto<span class="_ _6"> </span>standard<span class="_ _8"> </span>for<span class="_ _6"> </span>secure<span class="_ _8"> </span>messaging.<span class="_ _6"> </span>Both<span class="_ _8"> </span>allow<span class="_ _6"> </span>the<span class="_ _8"> </span>user</div><div class="t m0 x11 h6 y123 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>perform<span class="_"> </span>end-to-end<span class="_"> </span>encrypted<span class="_"> </span>communications.<span class="_"> </span>Unfortunately<span class="_ _3"></span>,</div><div class="t m0 x11 h6 y124 ff2 fs4 fc0 sc0 ls0 ws0">these<span class="_"> </span>sensitive<span class="_"> </span>apps<span class="_"> </span>are<span class="_"> </span>also<span class="_"> </span>vulnerable<span class="_"> </span>to<span class="_"> </span>clickjacking.</div><div class="t m1f x12 h6 y125 ff2 fs4 fc0 sc0 ls0 ws0">As<span class="_"> </span>for<span class="_"> </span>WhatsApp,<span class="_"> </span>an<span class="_"> </span>attacker<span class="_"> </span>can<span class="_"> </span>send<span class="_"> </span>one<span class="_"> </span>crafted</div><div class="t m5 x11 h6 y126 ff2 fs4 fc0 sc0 ls0 ws0">Intent<span class="_ _7"> </span>so<span class="_ _9"> </span>as<span class="_ _9"> </span>to<span class="_ _9"> </span>pre-fill<span class="_ _7"> </span>the<span class="_ _9"> </span>content<span class="_ _9"> </span>and<span class="_ _7"> </span>the<span class="_ _9"> </span>recipient<span class="_ _9"> </span>of<span class="_ _7"> </span>a<span class="_ _9"> </span>message</div><div class="t m5 x11 h6 y127 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>be<span class="_ _5"> </span>sent:<span class="_"> </span>by<span class="_ _5"> </span>hijacking<span class="_"> </span>just<span class="_"> </span>one<span class="_ _5"> </span>click,<span class="_"> </span>that<span class="_ _5"> </span>message<span class="_"> </span>will<span class="_ _5"> </span>be<span class="_"> </span>sent</div><div class="t m5 x11 h6 y128 ff2 fs4 fc0 sc0 ls0 ws0">on<span class="_"> </span>behalf<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>victim.<span class="_"> </span>This<span class="_"> </span>technique<span class="_"> </span>can<span class="_"> </span>be<span class="_"> </span>abused<span class="_"> </span>to<span class="_"> </span>leak<span class="_"> </span>the</div><div class="t m5 x11 h6 y129 ff2 fs4 fc0 sc0 ls0 ws0">victim’s<span class="_"> </span>telephone<span class="_ _5"> </span>numb<span class="_ _4"></span>er<span class="_"> </span>by<span class="_ _5"> </span>sending<span class="_ _5"> </span>a<span class="_ _5"> </span>message<span class="_ _5"> </span>to<span class="_ _5"> </span>an<span class="_ _5"> </span>attacker-</div><div class="t m5 x11 h6 y12a ff2 fs4 fc0 sc0 ls0 ws0">controlled<span class="_"> </span>number;<span class="_ _5"> </span>the<span class="_"> </span>attacker<span class="_"> </span>could<span class="_ _5"> </span>also<span class="_"> </span>use<span class="_"> </span>this<span class="_ _5"> </span>attack<span class="_"> </span>vector</div><div class="t m16 x11 h6 y12b ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>impersonate<span class="_"> </span>the<span class="_"> </span>victim<span class="_"> </span>to<span class="_"> </span>p<span class="_ _4"></span>erform<span class="_"> </span>social<span class="_"> </span>engineering<span class="_"> </span>attacks<span class="_"> </span>or</div><div class="t m0 x11 h6 y12c ff2 fs4 fc0 sc0 ls0 ws0">spam-related<span class="_"> </span>activities.</div><div class="t m5 x12 h6 y12d ff2 fs4 fc0 sc0 ls0 ws0">Signal<span class="_"> </span>is<span class="_ _5"> </span>vulnerable<span class="_"> </span>to<span class="_ _5"> </span>this<span class="_"> </span>attack<span class="_ _5"> </span>as<span class="_"> </span>well,<span class="_"> </span>but<span class="_ _5"> </span>only<span class="_ _5"> </span>if<span class="_"> </span>it<span class="_ _5"> </span>is<span class="_"> </span>con-</div><div class="t m5 x11 h6 y12e ff2 fs4 fc0 sc0 ls0 ws0">figured<span class="_ _5"> </span>to<span class="_ _7"> </span>be<span class="_ _5"> </span>the<span class="_ _7"> </span>default<span class="_ _5"> </span>app<span class="_ _5"> </span>for<span class="_ _7"> </span>handling<span class="_ _5"> </span>SMS:<span class="_ _7"> </span>if<span class="_ _5"> </span>it<span class="_ _7"> </span>is<span class="_ _5"> </span>not,</div><div class="t m5 x11 h6 y12f ff2 fs4 fc0 sc0 ls0 ws0">Signal<span class="_ _7"> </span>does<span class="_ _9"> </span>not<span class="_ _7"> </span>allow<span class="_ _9"> </span>the<span class="_ _7"> </span>creation<span class="_ _7"> </span>of<span class="_ _9"> </span>a<span class="_ _7"> </span>pre-filled<span class="_ _9"> </span>message<span class="_ _7"> </span>with</div><div class="t m5 x11 h6 y130 ff2 fs4 fc0 sc0 ls0 ws0">an<span class="_ _5"> </span>arbitrar<span class="_ _4"></span>y<span class="_ _3"></span>,<span class="_ _5"> </span>attacker-controlled<span class="_ _7"> </span>recipient,<span class="_ _5"> </span>making<span class="_ _5"> </span>the<span class="_ _7"> </span>one-click</div><div class="t m5 x11 h6 y131 ff2 fs4 fc0 sc0 ls0 ws0">attack<span class="_ _5"> </span>impossible.<span class="_ _5"> </span>W<span class="_ _3"></span>e<span class="_ _5"> </span>note,<span class="_ _5"> </span>however<span class="_ _3"></span>,<span class="_"> </span>that<span class="_ _7"> </span>a<span class="_ _5"> </span>clickjacking-based</div><div class="t m5 x11 h6 y132 ff2 fs4 fc0 sc0 ls0 ws0">attack<span class="_"> </span>against<span class="_ _5"> </span>Signal<span class="_"> </span>is<span class="_ _5"> </span>possible<span class="_"> </span>even<span class="_"> </span>in<span class="_ _5"> </span>its<span class="_"> </span>default<span class="_ _5"> </span>IM<span class="_"> </span>mo<span class="_ _4"></span>de,<span class="_"> </span>but</div><div class="t md x11 h6 y133 ff2 fs4 fc0 sc0 ls0 ws0">it<span class="_"> </span>becomes<span class="_"> </span>more<span class="_"> </span>complicated.<span class="_"> </span>In<span class="_"> </span>particular<span class="_ _3"></span>,<span class="_"> </span>a<span class="_"> </span>malicious<span class="_"> </span>app<span class="_"> </span>could</div><div class="t m3 x11 h6 y134 ff2 fs4 fc0 sc0 ls0 ws0">request<span class="_"> </span>the<span class="_"> </span>WRITE_CONTACTS<span class="_"> </span>permission<span class="_"> </span>to<span class="_"> </span>add<span class="_"> </span>the<span class="_"> </span>attacker’s<span class="_"> </span>phone</div><div class="t m20 x11 h6 y135 ff2 fs4 fc0 sc0 ls0 ws0">number<span class="_"> </span>to<span class="_"> </span>the<span class="_"> </span>victim’s<span class="_"> </span>contact<span class="_"> </span>list<span class="_"> </span>multiple<span class="_"> </span>times,<span class="_"> </span>and<span class="_"> </span>it<span class="_"> </span>could<span class="_"> </span>use</div><div class="t m28 x11 h6 y136 ff2 fs4 fc0 sc0 ls0 ws0">a<span class="_"> </span>specially<span class="_"> </span>crafte<span class="_ _4"></span>d<span class="_"> </span>name<span class="_"> </span>so<span class="_"> </span>as<span class="_"> </span>to<span class="_"> </span>reach<span class="_"> </span>the<span class="_"> </span>top<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>contact<span class="_"> </span>list<span class="_ _5"> </span>(like</div><div class="t m3 x11 h6 y137 ff2 fs4 fc0 sc0 ls0 ws0">in<span class="_"> </span>a<span class="_"> </span>spraying<span class="_"> </span>attack):<span class="_"> </span>then,<span class="_"> </span>by<span class="_"> </span>hijacking<span class="_"> </span>two<span class="_"> </span>clicks—the<span class="_"> </span>first<span class="_"> </span>one<span class="_"> </span>to</div><div class="t md x11 h6 y138 ff2 fs4 fc0 sc0 ls0 ws0">select<span class="_"> </span>the<span class="_"> </span>attacker-controlled<span class="_"> </span>recipient<span class="_"> </span>(which<span class="_"> </span>is<span class="_"> </span>now<span class="_"> </span>on<span class="_"> </span>top)<span class="_"> </span>and</div><div class="t m3 x11 h6 y139 ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>second<span class="_"> </span>one<span class="_ _6"> </span>to<span class="_"> </span>actually<span class="_"> </span>send<span class="_ _6"> </span>the<span class="_"> </span>message—the<span class="_"> </span>attacker<span class="_"> </span>can<span class="_ _6"> </span>once</div><div class="t ma x11 h6 y13a ff2 fs4 fc0 sc0 ls0 ws0">again<span class="_"> </span>leak<span class="_"> </span>the<span class="_"> </span>victim’s<span class="_"> </span>telephone<span class="_"> </span>number<span class="_ _3"></span>.<span class="_"> </span>The<span class="_"> </span>attacker<span class="_"> </span>could<span class="_ _5"> </span>then</div><div class="t m0 x11 h6 y13b ff2 fs4 fc0 sc0 ls0 ws0">clean<span class="_"> </span>up<span class="_"> </span>the<span class="_"> </span>contact<span class="_"> </span>list<span class="_"> </span>just<span class="_"> </span>after<span class="_"> </span>the<span class="_"> </span>attack<span class="_"> </span>is<span class="_"> </span>over<span class="_ _3"></span>.</div><div class="t m0 x11 he y13c ff3 fs4 fc0 sc0 ls0 ws0">Google<span class="_ _b"> </span>Authenticator<span class="_ _3"></span>.</div><div class="t m5 x4e h6 y13c ff2 fs4 fc0 sc0 ls0 ws0">Google<span class="_"> </span>Authenticator<span class="_"> </span>is<span class="_"> </span>also<span class="_"> </span>vulnerable</div><div class="t m5 x11 h6 y13d ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_ _7"> </span>clickjacking,<span class="_ _7"> </span>but<span class="_ _7"> </span>in<span class="_ _9"> </span>a<span class="_ _7"> </span>different<span class="_ _7"> </span>way<span class="_ _3"></span>.<span class="_ _7"> </span>For<span class="_ _7"> </span>this<span class="_ _9"> </span>app,<span class="_ _7"> </span>there<span class="_ _7"> </span>is<span class="_ _7"> </span>no</div><div class="t m3 x11 h6 y13e ff2 fs4 fc0 sc0 ls0 ws0">sensitive<span class="_"> </span>button<span class="_"> </span>to<span class="_"> </span>be<span class="_"> </span>clicke<span class="_ _4"></span>d,<span class="_"> </span>but<span class="_"> </span>it<span class="_"> </span>contains<span class="_"> </span>sensitive<span class="_"> </span>information,</div><div class="t m5 x11 h6 y13f ff2 fs4 fc0 sc0 ls0 ws0">such<span class="_ _7"> </span>as<span class="_ _7"> </span>two-factor<span class="_ _5"> </span>authentication<span class="_ _7"> </span>tokens.<span class="_ _7"> </span>W<span class="_ _3"></span>e<span class="_ _7"> </span>have<span class="_ _5"> </span>developed<span class="_ _7"> </span>a</div><div class="t m0 x11 h6 y140 ff2 fs4 fc0 sc0 ls0 ws0">clickjacking-based<span class="_"> </span>technique<span class="_"> </span>through<span class="_"> </span>which<span class="_"> </span>the<span class="_"> </span>attacker<span class="_"> </span>can<span class="_"> </span>leak</div><div class="t m5 x11 h6 y141 ff2 fs4 fc0 sc0 ls0 ws0">this<span class="_ _5"> </span>data.<span class="_ _7"> </span>By<span class="_ _5"> </span>luring<span class="_ _5"> </span>the<span class="_ _7"> </span>user<span class="_ _5"> </span>to<span class="_ _7"> </span>perform<span class="_ _5"> </span>a<span class="_ _7"> </span>“long<span class="_ _5"> </span>click”<span class="_ _5"> </span>action<span class="_ _7"> </span>on</div><div class="t m5 x11 h6 y142 ff2 fs4 fc0 sc0 ls0 ws0">one<span class="_"> </span>of<span class="_ _5"> </span>the<span class="_"> </span>tokens,<span class="_ _5"> </span><span class="ff4">the<span class="_ _b"> </span>Go<span class="_ _4"></span>ogle<span class="_ _b"> </span>Auth<span class="_ _b"> </span>app<span class="_ _b"> </span>will<span class="_ _5"> </span>copy<span class="_ _b"> </span>this<span class="_ _5"> </span>token<span class="_ _5"> </span>to<span class="_ _b"> </span>the</span></div><div class="t m1d x11 hf y143 ff4 fs4 fc0 sc0 ls0 ws0">clipboard,<span class="_ _b"> </span>which<span class="_ _b"> </span>is<span class="_ _b"> </span>freely<span class="_ _b"> </span>accessible<span class="_ _b"> </span>by<span class="_ _b"> </span>any<span class="_ _5"> </span>third-party<span class="_ _b"> </span>app<span class="_ _b"> </span>without</div><div class="t m3 x11 h6 y144 ff4 fs4 fc0 sc0 ls0 ws0">requesting<span class="_ _b"> </span>any<span class="_ _b"> </span>additional<span class="_ _b"> </span>permission<span class="ff2"> (this held on the Android 8.0 test device; since Android 10, only the app in the foreground or the default input method can read the clipboard).<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>were<span class="_"> </span>able<span class="_"> </span>to<span class="_"> </span>quickly<span class="_"> </span>write</span></div><div class="t m12 x11 h6 y145 ff2 fs4 fc0 sc0 ls0 ws0">a<span class="_"> </span>prototype<span
class="_"> </span>that,<span class="_"> </span>by<span class="_"> </span>just<span class="_"> </span>hijacking<span class="_ _6"> </span>one<span class="_"> </span>click,<span class="_"> </span>obtains<span class="_"> </span>the<span class="_"> </span>relevant</div><div class="t m3 x11 h6 y146 ff2 fs4 fc0 sc0 ls0 ws0">token<span class="_"> </span>from<span class="_"> </span>the<span class="_"> </span>clipboard.<span class="_"> </span>T<span class="_ _3"></span>o<span class="_"> </span>the<span class="_"> </span>best<span class="_"> </span>of<span class="_"> </span>our<span class="_"> </span>knowledge,<span class="_"> </span>this<span class="_"> </span>is<span class="_"> </span>rst</div><div class="t m5 x11 h6 y147 ff2 fs4 fc0 sc0 ls0 ws0">known<span class="_ _5"> </span>example<span class="_ _5"> </span>of<span class="_ _5"> </span>combining<span class="_ _5"> </span>hijacking<span class="_ _7"> </span>of<span class="_"> </span>long<span class="_ _7"> </span>clicks<span class="_"> </span>and<span class="_ _7"> </span>leaks</div><div class="t m22 x13 h6 y49 ff2 fs4 fc0 sc0 ls0 ws0">via<span class="_"> </span>clipboard.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>note<span class="_ _6"> </span>that<span class="_"> </span>this<span class="_"> </span>technique<span class="_"> </span>is<span class="_"> </span>generic,<span class="_"> </span>and<span class="_"> </span>that<span class="_"> </span>we</div><div class="t m5 x13 h6 y4a ff2 fs4 fc0 sc0 ls0 ws0">focused<span class="_"> </span>on<span class="_"> </span>Google<span class="_"> </span>Auth<span class="_"> </span>only<span class="_"> </span>as<span class="_"> </span>an<span class="_"> </span>explanatory<span class="_"> </span>example.<span class="_"> </span>In<span class="_"> </span>fact,</div><div class="t m28 x13 h6 y80 ff2 fs4 fc0 sc0 ls0 ws0">our<span class="_"> </span>tests<span class="_"> </span>show<span class="_"> </span>it<span class="_"> </span>is<span class="_"> 
</span>also<span class="_"> </span>possible,<span class="_"> </span>for<span class="_"> </span>example,<span class="_"> </span>to<span class="_"> </span>attack<span class="_"> </span>the<span class="_"> </span>Google</div><div class="t m1d x13 h6 y81 ff2 fs4 fc0 sc0 ls0 ws0">Drive<span class="_"> </span>app<span class="_"> </span>and<span class="_"> </span>lure<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>to<span class="_ _6"> </span>click<span class="_"> </span>on<span class="_"> </span>“share<span class="_"> </span>by<span class="_"> </span>link”<span class="_"> </span>for<span class="_"> </span>a<span class="_"> </span>given</div><div class="t m25 x13 h6 y82 ff2 fs4 fc0 sc0 ls0 ws0">item<span class="_"> </span>or<span class="_"> </span>folder<span class="_ _3"></span>,<span class="_"> </span>after<span class="_"> </span>which<span class="_"> </span>the<span class="_ _5"> </span>item<span class="_"> </span>is<span class="_"> </span>shared<span class="_"> </span>and<span class="_"> </span>the<span class="_"> </span>link<span class="_ _5"> </span>is<span class="_"> </span>copied</div><div class="t m0 x13 h6 y83 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>the<span class="_"> </span>clipboard<span class="_"> </span>(and<span class="_"> </span>thus<span class="_"> </span>leaked<span class="_"> </span>to<span class="_"> </span>the<span class="_"> </span>attacker).</div><div class="t m0 x13 he y148 ff3 fs4 fc0 sc0 ls0 ws0">Facebook<span class="_ _5"> </span>and<span class="_ _5"> </span>T<span class="_ _3"></span>witter<span class="_ _3"></span>.</div><div class="t m5 x4f h6 y148 ff2 fs4 fc0 sc0 ls0 ws0">These<span class="_"> </span>apps<span class="_ _5"> </span>are<span class="_"> </span>completely<span class="_ _5"> </span>unprotected,</div><div class="t m19 x13 h6 y149 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>thus<span class="_"> </span>easy<span class="_"> 
</span>for<span class="_"> </span>an<span class="_"> </span>attacker<span class="_"> </span>to<span class="_"> </span>“like<span class="_ _3"></span>”<span class="_"> </span>or<span class="_"> </span>share<span class="_"> </span>messages<span class="_"> </span>and</div><div class="t m5 x13 h6 y14a ff2 fs4 fc0 sc0 ls0 ws0">tweets,<span class="_"> </span>with<span class="_ _5"> </span>techniques<span class="_ _5"> </span>similar<span class="_ _5"> </span>to<span class="_ _5"> </span>what<span class="_ _5"> </span>described<span class="_ _5"> </span>above.<span class="_"> </span>For<span class="_ _5"> </span>ex-</div><div class="t m5 x13 h6 y14b ff2 fs4 fc0 sc0 ls0 ws0">ample,<span class="_"> </span>it<span class="_ _5"> </span>is<span class="_"> </span>p<span class="_ _4"></span>ossible<span class="_"> </span>to<span class="_ _5"> </span>spawn<span class="_ _5"> </span>the<span class="_"> </span>Twitter<span class="_"> </span>app<span class="_"> </span>to<span class="_ _5"> </span>show<span class="_"> </span>a<span class="_ _5"> </span>spe<span class="_ _4"></span>cic</div><div class="t m22 x13 h6 y14c ff2 fs4 fc0 sc0 ls0 ws0">tweet<span class="_"> </span>(URLs<span class="_"> </span>that<span class="_"> </span>contain<span class="_"> </span>twitter<span class="_ _3"></span>.com<span class="_"> </span>are<span class="_"> </span>treated<span class="_"> </span>in<span class="_"> </span>a<span class="_"> </span>special<span class="_"> </span>way</div><div class="t m19 x13 h6 y14d ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>delivered<span class="_"> </span>to<span class="_"> </span>the<span class="_"> </span>T<span class="_ _3"></span>witter<span class="_"> </span>app),<span class="_"> </span>and<span class="_"> </span>it<span class="_"> </span>is<span class="_ _6"> </span>thus<span class="_"> </span>trivial<span class="_"> </span>to<span class="_"> </span>perform</div><div class="t m0 x13 h6 y14e ff2 fs4 fc0 sc0 ls0 ws0">like-jacking<span class="_"> 
</span>or<span class="_"> </span>similar<span class="_"> </span>attacks.</div><div class="t m0 x13 he y14f ff3 fs4 fc0 sc0 ls0 ws0">Lookout<span class="_ _b"> </span>Mobile<span class="_ _5"> </span>Security<span class="_ _3"></span>.</div><div class="t m5 x45 h6 y14f ff2 fs4 fc0 sc0 ls0 ws0">As<span class="_"> </span>a<span class="_"> </span>last<span class="_"> </span>representative<span class="_"> </span>example,<span class="_"> </span>we</div><div class="t md x13 h6 y150 ff2 fs4 fc0 sc0 ls0 ws0">investigated<span class="_"> </span>how<span class="_"> </span>the<span class="_"> </span>leading<span class="_"> </span>anti-virus<span class="_"> </span>app<span class="_"> </span>for<span class="_"> </span>mobile<span class="_"> </span>is<span class="_"> </span>resilient</div><div class="t m5 x13 h6 y151 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>these<span class="_"> </span>attacks.<span class="_ _5"> </span>T<span class="_ _3"></span>o<span class="_"> </span>our<span class="_ _5"> </span>surprise,<span class="_"> </span>we<span class="_"> </span>found<span class="_ _5"> </span>that<span class="_"> </span>all<span class="_ _5"> </span>widgets<span class="_"> </span>were</div><div class="t mf x13 h6 y152 ff2 fs4 fc0 sc0 ls0 ws0">vulnerable<span class="_"> </span>to<span class="_"> </span>clickjacking:<span class="_"> </span>by<span class="_"> </span>hijacking<span class="_"> </span>three<span class="_"> </span>clicks,<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>possible</div><div class="t m0 x13 h6 y153 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>silently<span class="_"> </span>disable<span class="_"> </span>the<span class="_"> </span>security<span class="_"> </span>checks.</div><div class="t m0 x13 he y154 ff3 fs4 fc0 sc0 ls0 ws0">Discussion.</div><div class="t m3 x50 h6 y154 ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_ _8"> </span>intent<span class="_ _8"> </span>b<span class="_ _4"></span>ehind<span class="_ _8"> 
</span>this<span class="_ _8"> </span>section<span class="_ _6"> </span>is<span class="_ _8"> </span>to<span class="_ _8"> </span>highlight<span class="_ _8"> </span>the<span class="_ _6"> </span>extent</div><div class="t m24 x13 h6 y155 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>wide<span class="_"> </span>attack<span class="_"> </span>surface<span class="_"> </span>that<span class="_ _5"> </span>even<span class="_"> </span>fully<span class="_"> </span>updated<span class="_"> </span>devices<span class="_"> </span>are<span class="_"> </span>subject</div><div class="t m3 x13 h6 y156 ff2 fs4 fc0 sc0 ls0 ws0">to.<span class="_ _8"> </span>The<span class="_"> </span>practicality<span class="_ _8"> </span>of<span class="_ _6"> </span>these<span class="_ _6"> </span>attacks<span class="_ _6"> </span>varies<span class="_ _6"> </span>depending<span class="_"> </span>on<span class="_ _8"> </span>the<span class="_ _6"> </span>number</div><div class="t m22 x13 h6 y157 ff2 fs4 fc0 sc0 ls0 ws0">of<span class="_"> </span>clicks<span class="_"> </span>to<span class="_"> </span>be<span class="_"> </span>hijacked.<span class="_"> </span>Howev<span class="_ _2"></span>er<span class="_ _3"></span>,<span class="_"> </span>we<span class="_"> </span>note<span class="_"> </span>that<span class="_"> </span>the<span class="_ _6"> </span>most<span class="_"> </span>complex</div><div class="t m27 x13 h6 y158 ff2 fs4 fc0 sc0 ls0 ws0">example<span class="_"> </span>above<span class="_"> </span>is<span class="_"> </span>attacking<span class="_"> </span>Signal,<span class="_"> </span>which<span class="_"> </span>requires<span class="_"> </span>four<span class="_"> </span>clicks,<span class="_"> </span>but</div><div class="t m5 x13 h6 y159 ff2 fs4 fc0 sc0 ls0 ws0">that<span class="_ _7"> </span>previous<span class="_ _7"> </span>work<span class="_ _7"> </span>has<span class="_ _9"> </span>shown<span class="_ _7"> </span>through<span class="_ _7"> </span>a<span class="_ _9"> 
</span>user<span class="_ _7"> </span>study<span class="_ _9"> </span>that<span class="_ _7"> </span>these</div><div class="t m0 x13 h6 y15a ff2 fs4 fc0 sc0 ls0 ws0">multi-step<span class="_"> </span>clickjacking<span class="_"> </span>attacks<span class="_"> </span>are<span class="_"> </span>very<span class="_"> </span>practical<span class="_"> </span>[10].</div><div class="t md x1e h6 y15b ff2 fs4 fc0 sc0 ls0 ws0">This<span class="_"> </span>is<span class="_"> </span>a<span class="_"> </span>list<span class="_"> </span>of<span class="_"> </span>interesting<span class="_"> </span>ndings,<span class="_"> </span>but<span class="_"> </span>we<span class="_"> </span>w<span class="_ _2"></span>ould<span class="_"> </span>like<span class="_"> </span>to<span class="_"> </span>stress</div><div class="t m1a x13 h6 y15c ff2 fs4 fc0 sc0 ls0 ws0">that<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>far<span class="_"> </span>from<span class="_"> </span>being<span class="_"> </span>complete<span class="_ _2"></span>.<span class="_"> </span>Howev<span class="_ _2"></span>er<span class="_ _3"></span>,<span class="_"> </span>we<span class="_"> </span>nd<span class="_"> </span>it<span class="_"> </span>w<span class="_ _2"></span>orrisome</div><div class="t m5 x13 h6 y15d ff2 fs4 fc0 sc0 ls0 ws0">that,<span class="_ _5"> </span>among<span class="_ _5"> </span>the<span class="_ _5"> </span>apps<span class="_ _5"> </span>we<span class="_ _5"> </span>have<span class="_ _5"> </span>tested,<span class="_ _5"> </span><span class="ff4">we<span class="_ _5"> </span>have<span class="_ _5"> </span>not<span class="_ _5"> </span>found<span class="_ _5"> </span>a<span class="_ _5"> </span>single</span></div><div class="t m29 x13 h6 y15e ff4 fs4 fc0 sc0 ls0 ws0">one<span class="_ _b"> </span>that<span class="_ _b"> </span>was<span class="_ _b"> </span>protected<span class="_ _b"> </span>by<span class="_ _b"> </span>at<span class="_ _5"> </span>least<span class="_ 
_b"> </span>the<span class="_ _b"> </span>obscured<span class="_ _b"> </span>ag<span class="_ _b"> </span>mechanism<span class="ff2">.<span class="_"> </span>On</span></div><div class="t m3 x13 h6 y15f ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_"> </span>one<span class="_"> </span>hand,<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>surprising<span class="_ _5"> </span>that<span class="_"> </span>all<span class="_"> </span>these<span class="_"> </span>apps<span class="_"> </span>are<span class="_"> </span>still<span class="_"> </span>vulnerable,</div><div class="t m3 x13 h6 y160 ff2 fs4 fc0 sc0 ls0 ws0">especially<span class="_"> </span>since<span class="_"> </span>clickjacking<span class="_"> </span>for<span class="_"> </span>mobile<span class="_"> </span>has<span class="_"> </span>been<span class="_"> </span>known<span class="_ _6"> </span>for<span class="_"> </span>several</div><div class="t mb x13 h6 y161 ff2 fs4 fc0 sc0 ls0 ws0">years.<span class="_"> </span>On<span class="_"> </span>the<span class="_"> </span>other<span class="_"> </span>hand,<span class="_"> </span>we<span class="_"> </span>believe<span class="_"> </span>that<span class="_"> </span>this<span class="_"> </span>lack<span class="_"> </span>of<span class="_"> </span>protection<span class="_"> </span>is</div><div class="t mf x13 h6 y162 ff2 fs4 fc0 sc0 ls0 ws0">not<span class="_"> </span>due<span class="_"> </span>to<span class="_"> </span>simple<span class="_"> </span>ov<span class="_ _2"></span>ersights,<span class="_"> </span>but<span class="_"> </span>it<span class="_"> </span>is<span class="_"> </span>due<span class="_"> </span>to<span class="_ _6"> </span>fear<span class="_"> </span>of<span class="_"> </span>public<span class="_"> </span>outcry</div><div class="t m3 x13 h6 y163 ff2 fs4 fc0 sc0 ls0 ws0">caused<span class="_ _6"> </span>by<span class="_ _6"> </span>these<span class="_ _6"> </span>backward<span class="_ _6"> </span>compatibility<span class="_ _6"> 
</span>concerns<span class="_ _6"> </span>[</div><div class="t m0 x51 h6 y163 ff2 fs4 fc0 sc0 ls0 ws0">27</div><div class="t m3 x52 h6 y163 ff2 fs4 fc0 sc0 ls0 ws0">].<span class="_ _6"> </span>For<span class="_ _6"> </span>example,</div><div class="t m3 x13 h6 y164 ff2 fs4 fc0 sc0 ls0 ws0">we<span class="_"> </span>have<span class="_"> </span>notied<span class="_"> </span>Google<span class="_"> </span>about<span class="_"> </span>the<span class="_"> </span>attacks<span class="_"> </span>against<span class="_"> </span>the<span class="_"> </span>Play<span class="_"> </span>Store<span class="_"> </span>in</div><div class="t m0 x13 h6 y165 ff2 fs4 fc0 sc0 ls0 ws0">A<span class="_ _2"></span>ugust<span class="_"> </span>2017,<span class="_"> </span>but,<span class="_"> </span>unfortunately<span class="_ _3"></span>,<span class="_"> </span>they<span class="_"> </span>are<span class="_"> </span>still<span class="_"> </span>practical.</div><div class="t m0 x13 h5 y166 ff3 fs3 fc0 sc0 ls0 ws0">5<span class="_ _d"> </span>HO<span class="_ _4"></span>W<span class="_ _7"> </span>APPS<span class="_ _5"> </span>USE<span class="_ _7"> </span>THE<span class="_ _5"> </span>USER<span class="_ _7"> </span>IN<span class="_ _4"></span>TERF<span class="_ _3"></span>A<span class="_ _3"></span>CE</div><div class="t m5 x41 h6 y167 ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_ _5"> </span>have<span class="_ _7"> </span>conducted<span class="_ _5"> </span>a<span class="_ _7"> </span>survey<span class="_ _7"> </span>to<span class="_ _5"> </span>determine<span class="_ _7"> </span>how<span class="_ _5"> </span>real-world<span class="_ _7"> </span>apps</div><div class="t m5 x13 h6 y168 ff2 fs4 fc0 sc0 ls0 ws0">use<span class="_"> </span>the<span class="_"> </span>user<span class="_ _5"> </span>interface.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>have<span class="_"> </span>tailored<span class="_"> </span>our<span class="_ _5"> 
</span>survey<span class="_"> </span>to<span class="_"> </span>study<span class="_ _5"> </span>two</div><div class="t m1c x13 h6 y169 ff2 fs4 fc0 sc0 ls0 ws0">specic<span class="_"> </span>aspe<span class="_ _4"></span>cts:<span class="_"> </span>1)<span class="_"> </span>how<span class="_"> </span>benign<span class="_"> </span>apps<span class="_"> </span>convey<span class="_"> </span>to<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>the<span class="_ _5"> </span>needed</div><div class="t m1f x13 h6 y16a ff2 fs4 fc0 sc0 ls0 ws0">contextual<span class="_"> </span>information<span class="_"> </span>concerning<span class="_"> </span>sensitive<span class="_"> </span>and<span class="_"> </span>security-relevant</div><div class="t m25 x13 h6 y16b ff2 fs4 fc0 sc0 ls0 ws0">actions;<span class="_"> </span>2)<span class="_"> </span>how<span class="_"> </span>benign<span class="_"> </span>apps<span class="_"> </span>use<span class="_"> </span>the<span class="_"> </span>“draw<span class="_"> </span>on<span class="_"> </span>top”<span class="_"> </span>permission,<span class="_"> </span>and</div><div class="t m0 x13 h6 y16c ff2 fs4 fc0 sc0 ls0 ws0">which<span class="_"> </span>functionality<span class="_"> </span>they<span class="_"> </span>aim<span class="_"> </span>at<span class="_"> </span>implementing.</div><div class="t m0 x13 h5 y16d ff3 fs3 fc0 sc0 ls0 ws0">5.1<span class="_ _d"> </span>Conveying<span class="_ _5"> </span>Contextual<span class="_ _5"> </span>Information</div><div class="t m5 x41 h6 y16e ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_"> </span>wanted<span class="_ _5"> </span>to<span class="_ _7"> </span>study<span class="_"> </span>how<span class="_ _5"> </span>apps<span class="_ _5"> </span>make<span class="_ _5"> </span>use<span class="_ _7"> </span>of<span class="_"> </span>the<span class="_ _5"> </span>user<span class="_ _5"> </span>interface<span class="_ _7"> </span>to</div><div class="t m3 x13 h6 
y16f ff2 fs4 fc0 sc0 ls0 ws0">convey<span class="_"> </span>rele<span class="_ _2"></span>vant<span class="_"> </span>contextual<span class="_"> </span>information<span class="_"> </span>for<span class="_"> </span>a<span class="_"> </span>user<span class="_"> </span>to<span class="_"> </span>take<span class="_"> </span>informed</div><div class="t m25 x13 h6 y170 ff2 fs4 fc0 sc0 ls0 ws0">decision.<span class="_"> </span>Note<span class="_"> </span>that<span class="_"> </span>with<span class="_ _5"> </span>the<span class="_"> </span>term<span class="_"> </span><span class="ff4">contextual<span class="_ _b"> </span>information<span class="_ _5"> </span></span>we<span class="_"> </span>do<span class="_"> </span>not</div><div class="t m23 x13 h6 y171 ff2 fs4 fc0 sc0 ls0 ws0">only<span class="_"> </span>refer<span class="_"> </span>to<span class="_"> </span>security-related<span class="_"> </span>information<span class="_"> </span>display<span class="_ _2"></span>ed,<span class="_"> </span>for<span class="_"> </span>example,</div><div class="t m3 x13 h6 y172 ff2 fs4 fc0 sc0 ls0 ws0">in<span class="_"> </span>a<span class="_"> </span>popup:<span class="_"> </span>with<span class="_"> </span>it,<span class="_"> </span>we<span class="_"> </span>consider<span class="_"> </span>all<span class="_"> </span>information<span class="_"> </span>that<span class="_"> </span>the<span class="_ _5"> </span>user<span class="_"> </span>needs</div><div class="t m24 x13 h6 y173 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>be<span class="_"> </span>aware<span class="_"> </span>of<span class="_"> </span>to<span class="_ _5"> </span>determine<span class="_"> </span>what<span class="_"> </span>the<span class="_"> </span>eect<span class="_ _5"> </span>of<span class="_"> </span>one<span class="_"> </span>of<span class="_"> </span>her<span class="_"> </span>click<span class="_"> </span>on<span class="_ _5"> </span>a</div><div class="t m3 x13 h6 y174 ff2 fs4 fc0 sc0 ls0 ws0">button<span 
class="_"> </span>would<span class="_"> </span>be<span class="_"> </span>(e.g.,<span class="_"> </span>a<span class="_"> </span>click<span class="_"> </span>on<span class="_"> </span>the<span class="_"> </span>bottom-right<span class="_"> </span>part<span class="_"> </span>of<span class="_"> </span>the<span class="_ _5"> </span>Gmail</div><div class="t m0 x13 h6 y175 ff2 fs4 fc0 sc0 ls0 ws0">app<span class="_"> </span>triggers<span class="_"> </span>a<span class="_"> </span>“send<span class="_"> </span>email”<span class="_"> </span>action).</div><div class="c x11 y46 w2 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">Session 6B: Mobile 1</div></div><div class="c x2e y46 w3 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">CCS’18, October 15-19, 2018, Toronto, ON, Canada</div></div><div class="c x2f y48 w4 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">1123</div></div><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a></div><div class="pi" data-data='{"ctm":[1.568627,0.000000,0.000000,1.568627,0.000000,0.000000]}'></div></div>
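Added example (Android, Java) for two defensive points raised above: the obscured flag mechanism that, according to the Discussion, none of the tested apps enabled, and the clipboard exposure behind the Google Authenticator and Google Drive leaks. It is not code from the ClickShield paper or from any of the apps it discusses. The package, class and method names and the 30-second clearing window are assumptions made for this example; the platform APIs it relies on exist as named: View.setFilterTouchesWhenObscured and MotionEvent.FLAG_WINDOW_IS_OBSCURED (API 9+), MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED (API 29+), ClipboardManager.clearPrimaryClip (API 28+) and ClipDescription.EXTRA_IS_SENSITIVE (API 33+).

```java
// Added example for this page, not code from the ClickShield paper or from any
// app it discusses. Package, class and method names are hypothetical.
package com.example.uihardening;

import android.content.ClipData;
import android.content.ClipDescription;
import android.content.ClipboardManager;
import android.content.Context;
import android.os.Build;
import android.os.Handler;
import android.os.Looper;
import android.os.PersistableBundle;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/**
 * A Button that drops touches delivered while another window is drawn over it.
 * This is the "obscured flag" mechanism; the override below extends the
 * platform default to the partial-obscured flag available from API 29.
 */
public class ObscuredAwareButton extends Button {
    private static final String TAG = "ObscuredAwareButton";

    public ObscuredAwareButton(Context context) {
        this(context, null);
    }

    public ObscuredAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Same as android:filterTouchesWhenObscured="true" in layout XML: the
        // view discards MotionEvents carrying FLAG_WINDOW_IS_OBSCURED before
        // onTouchEvent() sees them, so a click that passed through an overlay
        // never reaches the OnClickListener.
        setFilterTouchesWhenObscured(true);
    }

    /** True if the touch passed through an overlay sitting on top of this window. */
    public static boolean touchPassedThroughOverlay(MotionEvent event) {
        return (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
    }

    /** True (API 29+ only) if an overlay covers some other part of this window. */
    public static boolean overlayCoversWindowElsewhere(MotionEvent event) {
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        // The platform default only rejects FLAG_WINDOW_IS_OBSCURED, which is set
        // when the touch point itself is covered. An overlay that hides the
        // surrounding context but leaves this button exposed does not set it;
        // on API 29+ the partial flag is the only remaining signal.
        if (touchPassedThroughOverlay(event) || overlayCoversWindowElsewhere(event)) {
            Log.w(TAG, "Rejected touch: another window is drawn over this one");
            return false;
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}

/**
 * Clipboard helper for the Google Authenticator / Google Drive cases: the leak
 * works because a copied token stays readable to every app. Marking the clip
 * sensitive (API 33+) and clearing it after a short timeout shrinks that window.
 */
final class SensitiveClipboard {
    // Assumption for this example: the token is useless to an attacker after 30 s.
    private static final long CLEAR_AFTER_MS = 30_000L;

    private SensitiveClipboard() {}

    public static void copyOneTimeToken(Context context, String token) {
        final ClipboardManager cm =
                (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE);
        ClipData clip = ClipData.newPlainText("token", token);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // Keeps the value out of clipboard previews and overlay UI.
            PersistableBundle extras = new PersistableBundle();
            extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true);
            clip.getDescription().setExtras(extras);
        }
        cm.setPrimaryClip(clip);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            new Handler(Looper.getMainLooper()).postDelayed(() -> {
                // Clear only if our token is still there. On Android 10+
                // getPrimaryClip() returns null unless this app is in the
                // foreground, in which case nothing is cleared here.
                ClipData current = cm.getPrimaryClip();
                if (current != null && current.getItemCount() > 0
                        && token.contentEquals(current.getItemAt(0).coerceToText(context))) {
                    cm.clearPrimaryClip();
                }
            }, CLEAR_AFTER_MS);
        }
    }
}
```

Use the button in layout XML under its fully qualified class name, or set android:filterTouchesWhenObscured="true" on an existing sensitive view to get the platform default alone. Two caveats apply. First, the flag only drops the hijacked touch; it does not restore the context the overlay was hiding. Second, FLAG_WINDOW_IS_OBSCURED is set only when the touch passes through an overlay, so an overlay that covers the surrounding screen but leaves the button exposed is not detected by it, and before API 29 there is no flag for that case at all. On the clipboard side, Android 10 and later additionally restrict clipboard reads to the foreground app and the default input method, which narrows, but does not remove, the exposure described above for older devices.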
<div id="pf5" class="pf w0 h0" data-page-no="5"><div class="pc pc5 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://csdnimg.cn/release/download_crawler_static/12728047/bg5.jpg">
<div class="t m0 x53 h7 y176 ff3 fs5 fc0 sc0 ls0 ws0">(a) (b)</div>
<div class="t m0 x11 he y177 ff3 fs4 fc0 sc0 ls0 ws0">Figure 1: (a) An example of “widget” implemented as an on-top</div>
<div class="t m0 x11 he y178 ff3 fs4 fc0 sc0 ls0 ws0">overlay by Facebook Messenger. (b) Twilight app in action,</div>
<div class="t m0 x11 he y179 ff3 fs4 fc0 sc0 ls0 ws0">an example of screen filter. The red shade is implemented</div>
<div class="t m0 x11 he y17a ff3 fs4 fc0 sc0 ls0 ws0">as a persistent, on-top, semi-transparent overlay.</div>
<div class="t m22 x12 h6 y17b ff2 fs4 fc0 sc0 ls0 ws0">To this end, we have compiled a cumulative list of 67 sensitive</div>
<div class="t m3 x11 h6 y17c ff2 fs4 fc0 sc0 ls0 ws0">views used by different types of apps. This list includes views from</div>
<div class="t m5 x11 h6 y17d ff2 fs4 fc0 sc0 ls0 ws0">the Android settings app (and its sub-menus, 11 entries in total),</div>
<div class="t m9 x11 h6 y17e ff2 fs4 fc0 sc0 ls0 ws0">Google-owned apps (Gmail, Google Drive, etc., 11 views), and several</div>
<div class="t m1f x11 h6 y17f ff2 fs4 fc0 sc0 ls0 ws0">representative sensitive views belonging to banking apps (15),</div>
<div class="t md x11 h6 y180 ff2 fs4 fc0 sc0 ls0 ws0">social networks like Twitter and Facebook (8), messaging apps including</div>
<div class="t m3 x11 h6 y181 ff2 fs4 fc0 sc0 ls0 ws0">Telegram, Signal and WhatsApp (8), and security apps such</div>
<div class="t m12 x11 h6 y182 ff2 fs4 fc0 sc0 ls0 ws0">as mobile antivirus (14). In all cases, <span class="ff4">the relevant contextual information</span></div>
<div class="t m5 x11 h6 y183 ff4 fs4 fc0 sc0 ls0 ws0">is prominently shown in the center<span class="ff2">. We note that none of</span></div>
<div class="t m5 x11 h6 y184 ff2 fs4 fc0 sc0 ls0 ws0">the known attacks, including those just presented, would be</div>
<div class="t m6 x11 h6 y185 ff2 fs4 fc0 sc0 ls0 ws0">possible without covering the central part of the screen. Thus, we</div>
<div class="t m5 x11 h6 y186 ff2 fs4 fc0 sc0 ls0 ws0">conclude that, at least for the apps we have inspected, as long as</div>
<div class="t m3 x11 h6 y187 ff2 fs4 fc0 sc0 ls0 ws0">the central portion of the screen is not covered, clickjacking attacks</div>
<div class="t m0 x11 h6 y188 ff2 fs4 fc0 sc0 ls0 ws0">are not possible.</div>
<div class="t m0 x11 h5 y189 ff3 fs3 fc0 sc0 ls0 ws0">5.2 How and Why Apps Create Overlays</div>
<div class="t m3 x11 h6 y18a ff2 fs4 fc0 sc0 ls0 ws0">One of the concerns when developing a security mechanism relates</div>
<div class="t m4 x11 h6 y18b ff2 fs4 fc0 sc0 ls0 ws0">to backward compatibility. As we aim to design a mechanism that</div>
<div class="t m5 x11 h6 y18c ff2 fs4 fc0 sc0 ls0 ws0">is not affected by these concerns, we have performed a survey</div>
<div class="t me x11 h6 y18d ff2 fs4 fc0 sc0 ls0 ws0">over a number of real-world apps to study how they use the “draw</div>
<div class="t m5 x11 h6 y18e ff2 fs4 fc0 sc0 ls0 ws0">on top” permission, and what purpose they aim to achieve by</div>
<div class="t m5 x11 h6 y18f ff2 fs4 fc0 sc0 ls0 ws0">drawing overlays. We built three different datasets, which aim</div>
<div class="t m5 x11 h6 y190 ff2 fs4 fc0 sc0 ls0 ws0">at covering potentially problematic categories of apps (as far as</div>
<div class="t m0 x11 h6 y191 ff2 fs4 fc0 sc0 ls0 ws0">clickjacking protection mechanisms are concerned).</div>
<div class="t m5 x12 h6 y192 ff2 fs4 fc0 
sc0 ls0 ws0">The<span class="_ _7"> </span>rst<span class="_ _7"> </span>dataset<span class="_ _7"> </span>is<span class="_ _7"> </span>composed<span class="_ _7"> </span>by<span class="_ _7"> </span>popular<span class="_ _7"> </span>apps<span class="_ _7"> </span>hosted<span class="_ _7"> </span>on<span class="_ _7"> </span>the</div><div class="t m29 x11 h6 y193 ff2 fs4 fc0 sc0 ls0 ws0">ocial<span class="_"> </span>Google<span class="_"> </span>Play<span class="_"> </span>Store.<span class="_"> </span>This<span class="_"> </span>dataset<span class="_"> </span>is<span class="_"> </span>constituted<span class="_"> </span>by<span class="_"> </span>454<span class="_"> </span>apps,</div><div class="t m21 x11 h6 y194 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>they<span class="_"> </span>all<span class="_"> </span>requir<span class="_ _2"></span>e<span class="_"> </span>the<span class="_"> </span>SYSTEM_ALERT_<span class="_ _3"></span>WINDOW<span class="_"> </span>permission.</div><div class="t m3 x11 h6 y195 ff2 fs4 fc0 sc0 ls0 ws0">This<span class="_ _6"> </span>list<span class="_ _6"> </span>was<span class="_ _6"> </span>kindly<span class="_ _6"> </span>provided<span class="_ _8"> </span>by<span class="_"> </span>the<span class="_ _8"> </span>authors<span class="_ _6"> </span>of<span class="_ _6"> </span>Cloak<span class="_ _6"> </span>&<span class="_ _6"> </span>Dagger<span class="_ _6"> </span>[</div><div class="t m0 x3c h6 y195 ff2 fs4 fc0 sc0 ls0 ws0">10</div><div class="t m3 x3d h6 y195 ff2 fs4 fc0 sc0 ls0 ws0">],</div><div class="t md x11 h6 y196 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>it<span class="_"> </span>was<span class="_"> </span>obtained<span class="_"> </span>by<span class="_"> </span>ltering<span class="_"> </span>for<span class="_"> </span>apps<span class="_"> </span>requiring<span class="_"> </span>the<span class="_"> </span>permission</div><div class="t m1b x11 h6 y197 ff2 fs4 fc0 sc0 ls0 ws0">from<span class="_"> 
</span>an<span class="_"> </span>initial<span class="_"> </span>dataset<span class="_"> </span>of<span class="_"> </span>4,455<span class="_"> </span>top<span class="_"> </span>apps<span class="_"> </span>on<span class="_"> </span>the<span class="_"> </span>Play<span class="_"> </span>Store<span class="_"> </span>crawled</div><div class="t m5 x13 h6 y49 ff2 fs4 fc0 sc0 ls0 ws0">across<span class="_"> </span>dierent<span class="_ _5"> </span>categories.<span class="_ _7"> </span>W<span class="_ _3"></span>e<span class="_"> </span>have<span class="_ _5"> </span>considered<span class="_ _5"> </span>a<span class="_ _5"> </span>subset<span class="_ _5"> </span>of<span class="_ _7"> </span>(ran-</div><div class="t m8 x13 h6 y4a ff2 fs4 fc0 sc0 ls0 ws0">domly<span class="_"> </span>selected)<span class="_"> </span>305<span class="_"> </span>apps<span class="_"> </span>for<span class="_"> </span>closer<span class="_"> </span>inspection.<span class="_"> </span>These<span class="_"> </span>apps<span class="_"> </span>span<span class="_"> </span>a</div><div class="t m4 x13 h6 y80 ff2 fs4 fc0 sc0 ls0 ws0">number<span class="_"> </span>of<span class="_"> </span>categories,<span class="_"> </span>including<span class="_"> </span>screen<span class="_"> </span>lters,<span class="_"> </span>messaging,<span class="_"> </span>audio<span class="_"> </span>&</div><div class="t m3 x13 h6 y81 ff2 fs4 fc0 sc0 ls0 ws0">video<span class="_"> </span>players,<span class="_ _6"> </span>photo<span class="_"> </span>&<span class="_"> </span>video<span class="_ _6"> </span>editing,<span class="_"> </span>custom<span class="_"> </span>launchers,<span class="_"> </span>VPN<span class="_ _6"> </span>&<span class="_"> </span>net-</div><div class="t m10 x13 h6 y82 ff2 fs4 fc0 sc0 ls0 ws0">working,<span class="_"> </span>productivity<span class="_"> </span>&<span class="_"> </span>utilities<span class="_"> </span>(e<span class="_ _2"></span>.g.,<span class="_"> </span>status<span class="_"> 
</span>indicators),<span class="_"> </span>antivirus,</div><div class="t m0 x13 h6 y83 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>screen<span class="_"> </span>lockers.</div><div class="t m3 x1e h6 y84 ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_ _8"> </span>rst<span class="_ _8"> </span>dataset<span class="_ _6"> </span>is<span class="_ _8"> </span>already<span class="_ _8"> </span>quite<span class="_ _8"> </span>signicant<span class="_ _8"> </span>in<span class="_ _6"> </span>size,<span class="_ _8"> </span>but<span class="_ _8"> </span>we<span class="_ _8"> </span>wanted</div><div class="t m3 x13 h6 y85 ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>include<span class="_ _6"> </span>in<span class="_"> </span>our<span class="_ _6"> </span>analysis<span class="_"> </span>1)<span class="_ _6"> </span>apps<span class="_"> </span>fr<span class="_ _3"></span>om<span class="_"> </span>dierent<span class="_"> </span>sour<span class="_ _2"></span>ces<span class="_ _6"> </span>and<span class="_"> </span>2)<span class="_ _6"> </span>apps</div><div class="t m5 x13 h6 yb3 ff2 fs4 fc0 sc0 ls0 ws0">that<span class="_ _5"> </span>could<span class="_ _7"> </span>be<span class="_ _5"> </span>particularly<span class="_ _7"> </span>problematic<span class="_ _5"> </span>for<span class="_ _7"> </span>a<span class="_ _5"> </span>defense<span class="_ _5"> </span>me<span class="_ _4"></span>chanism.</div><div class="t m5 x13 h6 yb4 ff2 fs4 fc0 sc0 ls0 ws0">T<span class="_ _3"></span>o<span class="_ _7"> </span>this<span class="_ _7"> </span>end,<span class="_ _9"> </span>we<span class="_ _7"> </span>created<span class="_ _7"> </span>a<span class="_ _9"> </span>second<span class="_ _7"> </span>dataset<span class="_ _9"> </span>with<span class="_ _7"> </span>apps<span class="_ _7"> </span>taken<span class="_ _9"> </span>from</div><div class="t m5 x13 h6 yb5 ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_ _5"> </span>F-Droid<span class="_ _5"> </span>open<span class="_ _5"> 
</span>source<span class="_ _5"> </span>apps<span class="_ _5"> </span>repositor<span class="_ _4"></span>y<span class="_ _5"> </span>[</div><div class="t m0 x54 h6 yb5 ff2 fs4 fc0 sc0 ls0 ws0">7</div><div class="t m5 x55 h6 yb5 ff2 fs4 fc0 sc0 ls0 ws0">]:<span class="_ _5"> </span>we<span class="_ _5"> </span>have<span class="_ _5"> </span>randomly</div><div class="t m1a x13 h6 yb6 ff2 fs4 fc0 sc0 ls0 ws0">selected<span class="_"> </span>the<span class="_"> </span>top<span class="_"> </span>20<span class="_"> </span>entries<span class="_"> </span>on<span class="_"> </span>Google<span class="_"> </span>when<span class="_"> </span>searching<span class="_"> </span>for<span class="_"> </span>the<span class="_"> </span>“an-</div><div class="t me x13 h6 yb7 ff2 fs4 fc0 sc0 ls0 ws0">droid.permission.SYSTEM_ALERT_<span class="_ _3"></span>WINDOW”<span class="_ _5"> </span>permission<span class="_"> </span>used<span class="_ _5"> </span>in</div><div class="t m19 x13 h6 yb8 ff2 fs4 fc0 sc0 ls0 ws0">webpages<span class="_"> </span>belonging<span class="_"> </span>to<span class="_"> </span>F-Droid<span class="_"> </span>apps.<span class="_"> </span>Among<span class="_"> </span>these<span class="_ _2"></span>,<span class="_"> </span>only<span class="_"> </span>15<span class="_"> </span>wer<span class="_ _2"></span>e</div><div class="t m5 x13 h6 yb9 ff2 fs4 fc0 sc0 ls0 ws0">real<span class="_ _5"> </span>apps<span class="_ _5"> </span>(the<span class="_ _7"> </span>remaining<span class="_"> </span>ones<span class="_ _7"> </span>wer<span class="_ _2"></span>e<span class="_ _5"> </span>toy<span class="_ _5"> </span>samples)<span class="_ _7"> </span>and<span class="_"> </span>they<span class="_ _3"></span>,<span class="_ _7"> </span>once</div><div class="t m3 x13 h6 yba ff2 fs4 fc0 sc0 ls0 ws0">again,<span class="_ _8"> </span>b<span class="_ _4"></span>elong<span class="_ _8"> </span>to<span class="_ _6"> </span>a<span class="_ _8"> </span>numb<span class="_ _4"></span>er<span 
class="_ _8"> </span>of<span class="_ _6"> </span>dierent<span class="_ _8"> </span>categories,<span class="_ _6"> </span>such<span class="_ _8"> </span>as<span class="_ _6"> </span>messaging,</div><div class="t m16 x13 h6 ybb ff2 fs4 fc0 sc0 ls0 ws0">VPN<span class="_"> </span>&<span class="_"> </span>networking,<span class="_"> </span>productivity<span class="_"> </span>&<span class="_"> </span>utilities,<span class="_"> </span>audio<span class="_"> </span>&<span class="_"> </span>video<span class="_"> </span>players,</div><div class="t m1a x13 h6 y198 ff2 fs4 fc0 sc0 ls0 ws0">photo<span class="_"> </span>&<span class="_"> </span>video<span class="_"> </span>editing,<span class="_"> </span>and<span class="_"> </span>custom<span class="_"> </span>launchers.<span class="_"> </span>Moreover<span class="_ _3"></span>,<span class="_"> </span>we<span class="_"> </span>hav<span class="_ _2"></span>e</div><div class="t m1b x13 h6 y199 ff2 fs4 fc0 sc0 ls0 ws0">also<span class="_"> </span>created<span class="_"> </span>a<span class="_"> </span>third<span class="_"> </span>dataset<span class="_"> </span>constituted<span class="_"> </span>exclusively<span class="_"> </span>by<span class="_"> </span>scr<span class="_ _2"></span>een<span class="_"> </span>lter</div><div class="t m5 x13 h6 y19a ff2 fs4 fc0 sc0 ls0 ws0">apps.<span class="_"> </span>W<span class="_ _3"></span>e<span class="_"> </span>chose<span class="_"> </span>to<span class="_"> </span>focus<span class="_"> </span>on<span class="_ _5"> </span>this<span class="_"> </span>category<span class="_ _5"> </span>because<span class="_ _5"> </span>their<span class="_"> </span>key<span class="_"> </span>func-</div><div class="t m5 x13 h6 y19b ff2 fs4 fc0 sc0 ls0 ws0">tionality<span class="_ _7"> </span>is<span class="_ _5"> </span>well-known<span class="_ _7"> </span>to<span class="_ _7"> </span>create<span class="_ _5"> </span>backward<span class="_ _7"> </span>compatibility<span class="_ _5"> </span>issues</div><div 
class="t mf x13 h6 y19c ff2 fs4 fc0 sc0 ls0 ws0">with<span class="_"> </span>current<span class="_"> </span>protections<span class="_"> </span>against<span class="_"> </span>clickjacking<span class="_"> </span>attacks<span class="_"> </span>[</div><div class="t m0 x56 h6 y19c ff2 fs4 fc0 sc0 ls0 ws0">27</div><div class="t mf x57 h6 y19c ff2 fs4 fc0 sc0 ls0 ws0">].<span class="_"> </span>In<span class="_"> </span>fact,</div><div class="t m18 x13 h6 y19d ff2 fs4 fc0 sc0 ls0 ws0">this<span class="_"> </span>category<span class="_"> </span>of<span class="_"> </span>apps<span class="_ _5"> </span>relies<span class="_"> </span>on<span class="_"> </span>the<span class="_"> </span>creation<span class="_"> </span>of<span class="_"> </span>persistent<span class="_"> </span>fullscreen,</div><div class="t m5 x13 h6 y19e ff2 fs4 fc0 sc0 ls0 ws0">passthrough,<span class="_ _7"> </span>on-top<span class="_ _5"> </span>overlays:<span class="_ _7"> </span>these<span class="_ _7"> </span>overlays<span class="_ _5"> </span>are<span class="_ _7"> </span>all<span class="_ _7"> </span>detected<span class="_ _7"> </span>as</div><div class="t m1d x13 h6 y19f ff2 fs4 fc0 sc0 ls0 ws0">problematic<span class="_"> </span>by<span class="_"> </span>the<span class="_"> </span>obscured<span class="_"> </span>ag<span class="_"> </span>mechanism.<span class="_"> </span>For<span class="_"> </span>this<span class="_"> </span>dataset,<span class="_"> </span>w<span class="_ _2"></span>e</div><div class="t m10 x13 h6 y1a0 ff2 fs4 fc0 sc0 ls0 ws0">have<span class="_"> </span>selected<span class="_"> </span>the<span class="_"> </span>10<span class="_"> </span>screen<span class="_"> </span>lter<span class="_"> </span>apps<span class="_"> </span>with<span class="_"> </span>the<span class="_"> </span>highest<span class="_"> </span>number<span class="_"> </span>of</div><div class="t mf x13 h6 y1a1 ff2 fs4 fc0 sc0 ls0 ws0">installations<span class="_"> </span>from<span class="_"> </span>the<span class="_"> 
</span>Play<span class="_"> </span>Store.<span class="_"> </span>W<span class="_ _1"></span>e<span class="_"> </span>report<span class="_"> </span>these<span class="_"> </span>apps<span class="_"> </span>in<span class="_"> </span>T<span class="_ _3"></span>able<span class="_"> </span>1</div><div class="t m0 x13 h6 y1a2 ff2 fs4 fc0 sc0 ls0 ws0">in<span class="_"> </span>Appendix<span class="_"> </span>B.</div><div class="t m5 x1e h6 y1a3 ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_"> </span>have<span class="_ _5"> </span>sele<span class="_ _4"></span>cted<span class="_ _5"> </span>for<span class="_ _7"> </span>a<span class="_"> </span>throughout<span class="_ _5"> </span>manual<span class="_ _7"> </span>inspection<span class="_ _5"> </span>a<span class="_ _7"> </span>num-</div><div class="t m5 x13 h6 y1a4 ff2 fs4 fc0 sc0 ls0 ws0">ber<span class="_ _5"> </span>of<span class="_ _7"> </span>samples<span class="_"> </span>(<span class="_ _4"></span>between<span class="_ _5"> </span>3<span class="_ _5"> </span>and<span class="_ _7"> </span>5)<span class="_ _5"> </span>for<span class="_ _5"> </span>each<span class="_ _5"> </span>of<span class="_ _7"> </span>the<span class="_"> </span>categories<span class="_ _7"> </span>that</div><div class="t m1f x13 h6 y1a5 ff2 fs4 fc0 sc0 ls0 ws0">were<span class="_"> </span>cov<span class="_ _2"></span>ered<span class="_"> </span>in<span class="_"> </span>the<span class="_"> </span>rst<span class="_"> </span>dataset,<span class="_"> </span>and<span class="_"> </span>all<span class="_"> </span>the<span class="_"> </span>samples<span class="_"> </span>in<span class="_"> </span>the<span class="_"> </span>second</div><div class="t m23 x13 h6 y1a6 ff2 fs4 fc0 sc0 ls0 ws0">and<span class="_"> </span>third<span class="_"> </span>dataset,<span class="_"> </span>for<span class="_"> </span>a<span class="_"> </span>total<span class="_"> </span>of<span class="_ _6"> </span>60<span class="_"> </span>samples.<span class="_"> 
</span>The<span class="_"> </span>remainder<span class="_"> </span>of<span class="_"> </span>this</div><div class="t m5 x13 h6 y1a7 ff2 fs4 fc0 sc0 ls0 ws0">section<span class="_"> </span>discusses<span class="_ _5"> </span>the<span class="_ _5"> </span>gathered<span class="_"> </span>insights,<span class="_ _5"> </span>grouped<span class="_"> </span>by<span class="_ _5"> </span>the<span class="_ _5"> </span>dierent</div><div class="t m0 x13 h6 y1a8 ff2 fs4 fc0 sc0 ls0 ws0">functionality<span class="_"> </span>these<span class="_"> </span>apps<span class="_"> </span>aim<span class="_"> </span>at<span class="_"> </span>implementing.</div><div class="t m0 x41 he y1a9 ff3 fs4 fc0 sc0 ls0 ws0">Widgets<span class="_ _b"> </span>at<span class="_ _b"> </span>the<span class="_ _b"> </span>margin.</div><div class="t m1b x46 h6 y1a9 ff2 fs4 fc0 sc0 ls0 ws0">One<span class="_"> </span>very<span class="_"> </span>frequent<span class="_"> </span>use-case<span class="_"> </span>for<span class="_"> </span>the<span class="_"> </span>apps</div><div class="t m5 x13 h6 y1aa ff2 fs4 fc0 sc0 ls0 ws0">in<span class="_ _5"> </span>our<span class="_ _5"> </span>dataset<span class="_ _5"> </span>is<span class="_ _5"> </span>to<span class="_ _5"> </span>create<span class="_ _5"> </span>overlays<span class="_ _5"> </span>with<span class="_ _5"> </span>the<span class="_ _5"> </span>purp<span class="_ _4"></span>ose<span class="_ _5"> </span>of<span class="_ _5"> </span>drawing</div><div class="t m6 x13 h6 y1ab ff2 fs4 fc0 sc0 ls0 ws0">persistent<span class="_"> </span>widgets.<span class="_"> </span>Depending<span class="_"> </span>on<span class="_"> </span>the<span class="_"> </span>app<span class="_"> </span>categor<span class="_ _4"></span>y<span class="_ _3"></span>,<span class="_"> </span>these<span class="_"> </span>widgets</div><div class="t m25 x13 h6 y1ac ff2 fs4 fc0 sc0 ls0 ws0">are<span class="_"> </span>used<span class="_"> </span>to<span class="_"> </span>display<span class="_"> 
</span>a<span class="_"> </span>numb<span class="_ _4"></span>er<span class="_"> </span>of<span class="_"> </span>information,<span class="_"> </span>to<span class="_"> </span>act<span class="_"> </span>as<span class="_"> </span>shortcuts,<span class="_"> </span>or</div><div class="t m8 x13 h6 y1ad ff2 fs4 fc0 sc0 ls0 ws0">to<span class="_"> </span>attract<span class="_"> </span>attention<span class="_"> </span>from<span class="_"> </span>the<span class="_"> </span>user<span class="_ _3"></span>.<span class="_"> </span>Figure<span class="_"> </span>1a<span class="_"> </span>shows<span class="_"> </span>a<span class="_ _6"> </span>very<span class="_"> </span>p<span class="_ _4"></span>opular</div><div class="t m11 x13 h6 y1ae ff2 fs4 fc0 sc0 ls0 ws0">example,<span class="_"> </span>Facebook<span class="_"> </span>Messenger<span class="_ _3"></span>,<span class="_"> </span>which<span class="_"> </span>draws<span class="_"> </span>a<span class="_"> </span>rounded<span class="_"> </span>overlay<span class="_"> </span>to</div><div class="t m3 x13 h6 y1af ff2 fs4 fc0 sc0 ls0 ws0">notify<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>of<span class="_"> </span>a<span class="_"> </span>new<span class="_"> </span>message<span class="_ _2"></span>.<span class="_"> </span>Other<span class="_"> </span>categories<span class="_"> </span>of<span class="_"> </span>apps<span class="_"> </span>that<span class="_"> </span>cre-</div><div class="t m0 x13 h6 y1b0 ff2 fs4 fc0 sc0 ls0 ws0">ate<span class="_"> </span>this<span class="_"> </span>kind<span class="_"> </span>of<span class="_"> </span>widgets<span class="_"> </span>are<span class="_"> </span>audio<span class="_"> </span>&<span class="_"> </span>video<span class="_"> </span>players<span class="_"> </span>(to<span class="_"> </span>show<span class="_"> </span>which</div><div class="t m6 x13 h6 y1b1 ff2 fs4 fc0 sc0 ls0 ws0">song<span class="_"> </span>is<span class="_"> </span>playing,<span 
class="_"> </span>see<span class="_"> </span>Figure<span class="_"> </span>7a<span class="_"> </span>in<span class="_"> </span>Appendix<span class="_"> </span>C),<span class="_"> </span>VPN<span class="_"> </span>&<span class="_"> </span>networking</div><div class="t m26 x13 h6 y1b2 ff2 fs4 fc0 sc0 ls0 ws0">(to<span class="_"> </span>show<span class="_"> </span>the<span class="_"> </span>status<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>connectivity<span class="_ _3"></span>,<span class="_"> </span>strength<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>signal,<span class="_"> </span>and</div><div class="t m1a x13 h6 y1b3 ff2 fs4 fc0 sc0 ls0 ws0">similar<span class="_"> </span>information,<span class="_"> </span>Figure<span class="_"> </span>7b),<span class="_"> </span>custom<span class="_"> </span>launchers<span class="_"> </span>(that<span class="_"> </span>draw<span class="_"> </span>side</div><div class="t m3 x13 h6 y1b4 ff2 fs4 fc0 sc0 ls0 ws0">widgets<span class="_"> </span>with<span class="_"> </span>shortcuts<span class="_"> </span>to<span class="_"> </span>various<span class="_"> </span>apps,<span class="_"> </span>Figure<span class="_ _6"> </span>9a<span class="_"> </span>and<span class="_"> </span>9b),<span class="_"> </span>status<span class="_"> </span>in-</div><div class="t m3 x13 h6 y1b5 ff2 fs4 fc0 sc0 ls0 ws0">dicators<span class="_"> </span>(e.g.,<span class="_"> </span>battery<span class="_"> </span>level,<span class="_"> </span>Figure<span class="_"> </span>10a),<span class="_"> </span>and<span class="_"> </span>productivity<span class="_"> </span>apps<span class="_"> </span>(that</div><div class="t m0 x13 h6 y1b6 ff2 fs4 fc0 sc0 ls0 ws0">create<span class="_"> </span>shortcuts<span class="_"> </span>to<span class="_"> </span>documents,<span class="_"> </span>notes,<span class="_"> </span>and<span class="_"> </span>calendars,<span class="_"> </span>Figure<span class="_"> 
</span>10b).</div><div class="t m3 x1e h6 y1b7 ff2 fs4 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>e<span class="_"> </span>note<span class="_ _6"> </span>that,<span class="_"> </span>in<span class="_"> </span>all<span class="_"> </span>cases,<span class="_"> </span>these<span class="_ _6"> </span>widgets<span class="_"> </span>are<span class="_"> </span>drawn<span class="_"> </span>opaque<span class="_ _2"></span>,<span class="_"> </span>click-</div><div class="t m3 x13 h6 y1b8 ff2 fs4 fc0 sc0 ls0 ws0">able,<span class="_ _8"> </span>and<span class="_"> </span>the<span class="_ _2"></span>y<span class="_ _8"> </span>are<span class="_ _6"> </span>place<span class="_ _6"> </span>at<span class="_ _6"> </span>the<span class="_ _6"> </span>margin<span class="_ _6"> </span>of<span class="_ _6"> </span>the<span class="_ _6"> </span>screen.<span class="_ _8"> </span>This<span class="_"> </span>is<span class="_ _8"> </span>expected,</div><div class="t m1c x13 h6 y1b9 ff2 fs4 fc0 sc0 ls0 ws0">as<span class="_"> </span>users<span class="_"> </span>would<span class="_"> </span>likely<span class="_"> </span>be<span class="_"> </span>annoyed<span class="_"> </span>by<span class="_"> </span>on-top<span class="_ _5"> </span>opaque<span class="_"> </span>overlays<span class="_"> </span>in<span class="_"> </span>the</div><div class="t m15 x13 h6 y1ba ff2 fs4 fc0 sc0 ls0 ws0">middle<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>screen.<span class="_"> </span>W<span class="_ _11"></span>e<span class="_"> </span>also<span class="_"> </span>note<span class="_"> </span>that<span class="_"> </span>these<span class="_"> </span>apps<span class="_"> </span>do<span class="_"> </span>not<span class="_"> </span>conict</div><div class="t m5 x13 h6 y1bb ff2 fs4 fc0 sc0 ls0 ws0">with<span class="_"> </span>the<span class="_"> </span>obscured<span class="_"> </span>ag<span class="_"> </span>defense.<span class="_"> </span>In<span class="_"> </span>fact,<span 
class="_"> </span>this<span class="_"> </span>defense<span class="_"> </span>kicks<span class="_"> </span>in<span class="_"> </span>only</div><div class="t m10 x13 h6 y1bc ff2 fs4 fc0 sc0 ls0 ws0">when<span class="_"> </span>overlays<span class="_"> </span>cov<span class="_ _2"></span>er<span class="_"> </span>the<span class="_"> </span>security-sensitive<span class="_"> </span>button<span class="_"> </span>itself.<span class="_"> </span>However<span class="_ _11"></span>,</div><div class="t m3 x13 h6 y1bd ff2 fs4 fc0 sc0 ls0 ws0">the<span class="_ _6"> </span>“hide<span class="_ _6"> </span>overlays”<span class="_ _6"> </span>defense<span class="_ _6"> </span>could<span class="_ _6"> </span>cause<span class="_ _6"> </span>problems,<span class="_ _6"> </span>because<span class="_"> </span>the<span class="_ _8"> </span>users</div><div class="c x11 y46 w2 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">Session 6B: Mobile 1</div></div><div class="c x2e y46 w3 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">CCS’18, October 15-19, 2018, Toronto, ON, Canada</div></div><div class="c x2f y48 w4 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">1124</div></div><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d 
m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a></div><div class="pi" data-data='{"ctm":[1.568627,0.000000,0.000000,1.568627,0.000000,0.000000]}'></div></div>
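As an added example (not code from the ClickShield paper), the obscured flag defense that Section 5.2 describes as firing only when an overlay covers the security-sensitive button itself, written as an Android View in Java; the package name, class name and log messages are assumptions, and the logging is there so a defender can tell a full-screen passthrough screen filter (the false positive the survey points out) apart from a margin widget when investigating rejected touches.

```java
// Added example, not from the ClickShield paper: a security-sensitive button that
// enforces Android's "obscured flag" defense discussed in Section 5.2. Package and
// class names are hypothetical.
package com.example.overlaycheck;

import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import androidx.appcompat.widget.AppCompatButton;

public class SensitiveButton extends AppCompatButton {
    private static final String TAG = "SensitiveButton";

    public SensitiveButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Same effect as android:filterTouchesWhenObscured="true" in the layout XML:
        // the framework discards touches whose MotionEvent carries FLAG_WINDOW_IS_OBSCURED,
        // i.e. when another window (drawn with SYSTEM_ALERT_WINDOW) sits over the touch point.
        setFilterTouchesWhenObscured(true);
    }

    /** True when the flags say an overlay covers the exact point that was touched. */
    static boolean obscuredAtTouchPoint(int motionEventFlags) {
        return (motionEventFlags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
    }

    /**
     * True when an overlay overlaps the window somewhere other than the touch point
     * (reported only on API 29 and later). A margin widget such as a chat head typically
     * produces this flag rather than the one above, which matches the survey's observation
     * that such apps do not conflict with the obscured flag defense.
     */
    static boolean partiallyObscured(int motionEventFlags) {
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (motionEventFlags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
    }

    /**
     * The framework calls this before delivering a touch to the view; returning false
     * drops the event. The superclass already applies the check enabled in the
     * constructor, so this override only adds logging: a full-screen passthrough
     * screen-filter overlay sets FLAG_WINDOW_IS_OBSCURED just like a malicious overlay
     * would, and the log line makes that backward-compatibility case visible.
     */
    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        if (event.getActionMasked() == MotionEvent.ACTION_DOWN) {
            if (obscuredAtTouchPoint(flags)) {
                Log.w(TAG, "touch rejected: an overlay covers this button at the touch point");
            } else if (partiallyObscured(flags)) {
                Log.i(TAG, "touch allowed: an overlay overlaps the window but not this button");
            }
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```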