{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:24:15Z","timestamp":1756383855652},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319663319"},{"type":"electronic","value":"9783319663326"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-66332-6_15","type":"book-chapter","created":{"date-parts":[[2017,10,11]],"date-time":"2017-10-11T07:58:05Z","timestamp":1507708685000},"page":"334-354","source":"Crossref","is-referenced-by-count":16,"title":["Trapped by the UI: The Android Case"],"prefix":"10.1007","author":[{"given":"Efthimios","family":"Alepis","sequence":"first","affiliation":[]},{"given":"Constantinos","family":"Patsakis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,10,12]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"AlJarrah, A., Shehab, M.: Maintaining user interface integrity on android. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 449\u2013458. IEEE (2016)","DOI":"10.1109\/COMPSAC.2016.150"},{"key":"15_CR2","unstructured":"Android Developer: ActivityManager \u2013 getRunningTasks. https:\/\/developer.android.com\/reference\/android\/app\/ActivityManager.html#getRunningTasks(int) . Accessed 28 Mar 2017"},{"key":"15_CR3","unstructured":"Android Developer: Device administration. https:\/\/developer.android.com\/guide\/topics\/admin\/device-admin.html . Accessed 28 Mar 2017"},{"key":"15_CR4","unstructured":"Android Developer: Intent. https:\/\/developer.android.com\/reference\/android\/content\/Intent.html . Accessed 28 Mar 2017"},{"key":"15_CR5","unstructured":"Android Developer: Intents and intent filters. https:\/\/developer.android.com\/guide\/components\/intents-filters.html . Accessed 28 Mar 2017"},{"key":"15_CR6","unstructured":"Android Developer: Manifest.permission \u2013 READ_EXTERNAL_STORAGE. https:\/\/developer.android.com\/reference\/android\/Manifest.permission.html#READ_EXTERNAL_STORAGE . Accessed 28 Mar 2017"},{"key":"15_CR7","unstructured":"Android Developer: Manifest.permission \u2013 SYSTEM_ALERT_WINDOW. https:\/\/developer.android.com\/reference\/android\/Manifest.permission.html#SYSTEM_ALERT_WINDOW . Accessed 28 Mar 2017"},{"key":"15_CR8","unstructured":"Android Developer: Multi-window support. https:\/\/developer.android.com\/guide\/topics\/ui\/multi-window.html . Accessed 28 Mar 2017"},{"key":"15_CR9","unstructured":"Android Developer: Notification.builder. https:\/\/developer.android.com\/reference\/android\/app\/Notification.Builder.html . Accessed 28 Mar 2017"},{"key":"15_CR10","unstructured":"Android Developer: PackageManager \u2013 getInstalledApplications. https:\/\/developer.android.com\/reference\/android\/content\/pm\/PackageManager.html#getInstalledApplications . Accessed 28 Mar 2017"},{"key":"15_CR11","unstructured":"Android Developer: Settings. https:\/\/developer.android.com\/reference\/android\/provider\/Settings.html#ACTION_MANAGE_OVERLAY_PERMISSION . Accessed 28 Mar 2017"},{"key":"15_CR12","unstructured":"Android Developer: WindowManager. https:\/\/developer.android.com\/reference\/android\/view\/WindowManager.html . Accessed 28 Mar 2017"},{"key":"15_CR13","unstructured":"Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX Conference on Offensive technologies, pp. 1\u20137. USENIX Association (2010)"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Aviv, A.J., Sapp, B., Blaze, M., Smith, J.M.: Practicality of accelerometer side channels on smartphones. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 41\u201350. ACM (2012)","DOI":"10.1145\/2420950.2420957"},{"key":"15_CR15","unstructured":"Backes, M., Bugiel, S., Derr, E., McDaniel, P., Octeau, D., Weisgerber, S.: On demystifying the android application framework: re-visiting android permission specification analysis. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 1101\u20131118. USENIX Association, Austin (2016)"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C., Vigna, G.: What the app is that? Deception and countermeasures in the android user interface. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy, pp. 931\u2013948. IEEE Computer Society (2015)","DOI":"10.1109\/SP.2015.62"},{"key":"15_CR17","unstructured":"Chen, J., Chen, H., Bauman, E., Lin, Z., Zang, B., Guan, H.: You shouldn\u2019t collect my secrets: thwarting sensitive keystroke leakage in mobile IME apps. In: 24th USENIX Security Symposium (USENIX Security 2015), pp. 657\u2013690. USENIX Association, Washington, D.C. (2015)"},{"key":"15_CR18","unstructured":"Chen, Q.A., Qian, Z., Mao, Z.M.: Peeking into your app without actually seeing it: UI state inference and novel android attacks. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 1037\u20131052. USENIX Association, San Diego (2014)"},{"issue":"2","key":"15_CR19","doi-asserted-by":"crossref","first-page":"998","DOI":"10.1109\/COMST.2014.2386139","volume":"17","author":"P Faruki","year":"2015","unstructured":"Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M.S., Conti, M., Rajarajan, M.: Android security: a survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutorials 17(2), 998\u20131022 (2015)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"15_CR20","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 3\u201314. ACM (2011)","DOI":"10.1145\/2046614.2046618"},{"key":"15_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-662-54970-4_3","volume-title":"Financial Cryptography and Data Security","author":"E Fernandes","year":"2017","unstructured":"Fernandes, E., Chen, Q.A., Paupore, J., Essl, G., Halderman, J.A., Mao, Z.M., Prakash, A.: Android UI deception revisited: attacks and defenses. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 41\u201359. Springer, Heidelberg (2017). doi: 10.1007\/978-3-662-54970-4_3"},{"key":"15_CR22","unstructured":"Johnson, K.: Revisiting android tapjacking (2011). https:\/\/nvisium.com\/blog\/2011\/05\/26\/revisiting-android-tapjacking\/"},{"key":"15_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"511","DOI":"10.1007\/978-3-642-13708-2_30","volume-title":"Applied Cryptography and Network Security","author":"EJ Kartaltepe","year":"2010","unstructured":"Kartaltepe, E.J., Morales, J.A., Xu, S., Sandhu, R.: Social network-based botnet command-and-control: emerging threats and countermeasures. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 511\u2013528. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-13708-2_30"},{"key":"15_CR24","unstructured":"Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: Armageddon: cache attacks on mobile devices. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 549\u2013564. USENIX Association, Austin (2016)"},{"key":"15_CR25","doi-asserted-by":"crossref","unstructured":"Liu, J., Wang, Y., Kar, G., Chen, Y., Yang, J., Gruteser, M.: Snooping keystrokes with mm-level audio ranging on a single phone. In: Proceedings of the 21st Annual International Conference on Mobile Computing and Networking, pp. 142\u2013154. ACM (2015)","DOI":"10.1145\/2789168.2790122"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Liu, X., Zhou, Z., Diao, W., Li, Z., Zhang, K.: When good becomes evil: keystroke inference with smartwatch. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1273\u20131285. ACM (2015)","DOI":"10.1145\/2810103.2813668"},{"key":"15_CR27","unstructured":"Lockheimer, H.: Android and security. http:\/\/googlemobile.blogspot.com\/2012\/02\/android-and-security.html . Accessed 28 Mar 2017"},{"key":"15_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-319-45744-4_11","volume-title":"Computer Security \u2013 ESORICS 2016","author":"L Malisa","year":"2016","unstructured":"Malisa, L., Kostiainen, K., Och, M., Capkun, S.: Mobile application impersonation detection using dynamic user interface extraction. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 217\u2013237. Springer, Cham (2016). doi: 10.1007\/978-3-319-45744-4_11"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Marforio, C., Masti, R.J., Soriente, C., Kostiainen, K., Capkun, S.: Hardened setup of personalized security indicators to counter phishing attacks in mobile banking. In: Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 83\u201392. ACM (2016)","DOI":"10.1145\/2994459.2994462"},{"key":"15_CR30","unstructured":"Niemietz, M., Schwenk, J.: UI redressing attacks on android devices, blackHat Abu Dhabi (2012)"},{"key":"15_CR31","unstructured":"Oberheide, J., Miller, C.: Dissecting the android bouncer. In: SummerCon (2012)"},{"key":"15_CR32","unstructured":"Richardson, D.: Android tapjacking vulnerability (2010). https:\/\/blog.lookout.com\/look-10-007-tapjacking\/"},{"key":"15_CR33","doi-asserted-by":"crossref","unstructured":"Shukla, D., Kumar, R., Serwadda, A., Phoha, V.V.: Beware, your hands reveal your secrets! In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 904\u2013917. ACM, New York (2014)","DOI":"10.1145\/2660267.2660360"},{"key":"15_CR34","doi-asserted-by":"crossref","unstructured":"Simon, L., Anderson, R.: Pin skimmer: inferring pins through the camera and microphone. In: Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 67\u201378. ACM (2013)","DOI":"10.1145\/2516760.2516770"},{"key":"15_CR35","unstructured":"Van Bruggen, D.: Studying the impact of security awareness efforts on user behavior. Ph.D. thesis, University of Notre Dame (2014)"},{"key":"15_CR36","unstructured":"Vidas, T., Votipka, D., Christin, N.: All your droid are belong to us: a survey of current android attacks. In: Proceedings of the 5th USENIX Conference on Offensive Technologies, p. 10. USENIX Association (2011)"},{"key":"15_CR37","doi-asserted-by":"crossref","unstructured":"Wu, L., Brandt, B., Du, X., Ji, B.: Analysis of clickjacking attacks and an effective defense scheme for android devices. In: IEEE Conference on Communications and Network Security. IEEE (2016)","DOI":"10.1109\/CNS.2016.7860470"},{"issue":"8","key":"15_CR38","doi-asserted-by":"crossref","first-page":"6678","DOI":"10.1109\/TVT.2015.2472993","volume":"65","author":"L Wu","year":"2016","unstructured":"Wu, L., Du, X., Wu, J.: Effective defense schemes for phishing attacks on mobile computing platforms. IEEE Trans. Veh. Technol. 65(8), 6678\u20136691 (2016)","journal-title":"IEEE Trans. Veh. Technol."},{"key":"15_CR39","doi-asserted-by":"crossref","unstructured":"Xu, Z., Bai, K., Zhu, S.: Taplogger: inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 113\u2013124. ACM (2012)","DOI":"10.1145\/2185448.2185465"},{"key":"15_CR40","doi-asserted-by":"crossref","unstructured":"Ye, G., Tang, Z., Fang, D., Chen, X., Kim, K.I., Taylor, B., Wang, Z.: Cracking android pattern lock in five attempts (2017)","DOI":"10.14722\/ndss.2017.23130"},{"key":"15_CR41","doi-asserted-by":"crossref","unstructured":"Ying, L., Cheng, Y., Lu, Y., Gu, Y., Su, P., Feng, D.: Attacks and defence on android free floating windows. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 759\u2013770. ACM (2016)","DOI":"10.1145\/2897845.2897897"},{"key":"15_CR42","first-page":"8793025:1","volume":"2016","author":"J Zhang","year":"2016","unstructured":"Zhang, J., Zheng, X., Tang, Z., Xing, T., Chen, X., Fang, D., Li, R., Gong, X., Chen, F.: Privacy leakage in mobile sensing: your unlock passwords can be leaked through wireless hotspot functionality. Mobile Inf. Syst. 2016, 8793025:1\u20138793025:14 (2016)","journal-title":"Mobile Inf. Syst."}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-66332-6_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,4]],"date-time":"2019-10-04T09:18:59Z","timestamp":1570180739000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-66332-6_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319663319","9783319663326"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-66332-6_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}