@inproceedings{b38426c68b0943b1aba8946e3665b4fa,
title = "ActivityHijacker: Hijacking the android activity component for sensitive data",
abstract = "As many malicious apps have been distributed in Android markets, it is urgent to fix the vulnerabilities exploited by these apps and develop effective mitigation methods. In this paper, we identify a common vulnerability in many Android apps. This vulnerability is rooted in an unprotected Android component, called {"}Activity{"}. Utilizing this vulnerability, a malicious app can stealthily and cannily collect sensitive user data. To better understand this issue, we have built {"}ActivityHijacker{"}, an app that can detect the right moment to hijack the Activity component and intercept a user's password while it is being inputted in real time. To assess the prevalence of this vulnerability, we further analyzed 8 Android OSs (version 2.x to 5.x) and 22 banking apps collected in January 2016 from various Android markets. Our results show that all these Android OSs and apps are susceptible to the vulnerability; 14 out of 22 banking apps can be hijacked without any prompts. We further present a mitigation mechanism that restricts the Activity component to authorized apps.",
keywords = "Activity component, Activity hijacker, Android vulnerability, Privacy leakage",
author = "Zhaoguo Wang and Chenglong Li and Yi Guan and Yibo Xue and Yingfei Dong",
note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 25th International Conference on Computer Communications and Networks, ICCCN 2016 ; Conference date: 01-08-2016 Through 04-08-2016",
year = "2016",
month = sep,
day = "14",
doi = "10.1109/ICCCN.2016.7568487",
language = "英语",
series = "2016 25th International Conference on Computer Communications and Networks, ICCCN 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "2016 25th International Conference on Computer Communications and Networks, ICCCN 2016",
address = "美国",
}