Conference Proceeding Article
Android is now so closely involved in people's daily lives that people rely on it to perform critical operations and trust it with sensitive information. It is of great importance to guarantee the usability and security of Android which, however, is such a huge system that a potential threat may arise from any part of it. In this paper, we focus on the Free Floating window (FF window), which is a category of windows that can appear freely above any other applications. It can share the screen space with other FF windows, dialogs, and activities. An FF window is flexible in both its appearance and behaviour features. We analyse the behaviour features of FF windows, including their priority in the display layer and their capability of processing user-generated events. Three types of attacks via FF windows with delicate design in their appearance and behaviour features are demonstrated, i.e., a DoS attack against the Android system, GUI hijacking by targeting overlap, and input inference using FF windows as a side channel. To address the threat caused by FF windows, we design a priority framework for FF windows, which protects a sensitive activity/FF window declared by developers from being attacked by any malicious FF windows. A complementary solution is proposed to mitigate the confusion attack from malicious activities. Finally, we provide Android with suggestions on how to manage FF windows.
Android; DoS attack; Free floating window; GUI hijacking; Input inference
Technology and Innovation
ASIA CCS'16: Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China, 2016, May 30-June 3
Association for Computing Machinery, Inc
YING, Lingyun; CHENG, Yao; LU, Yemian; GU, Yacong; SU, Purui; and FENG, Dengguo.
Attacks and defence on Android free floating windows. (2016). ASIA CCS'16: Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China, 2016, May 30-June 3. 759-770. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3722
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.