{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T02:38:24Z","timestamp":1769740704241,"version":"3.49.0"},"reference-count":66,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T00:00:00Z","timestamp":1608595200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100002790","name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["N01347"],"award-info":[{"award-number":["N01347"]}],"id":[{"id":"10.13039\/501100002790","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2020,12,31]]},"abstract":"<jats:p>Apps on modern mobile operating systems can access various system resources with, or without, an explicit user permission. Although the OS generally maintains strict separation between apps, an app can still get access to another app\u2019s private information, such as the user input, through numerous side-channels. For example, keystrokes and swipe gestures from a victim app can be inferred indirectly from the accelerometer or gyroscope output, allowing a zero-permission app to learn sensitive inputs such as passwords from the victim\u2019s app. Current mobile OSes allow an app to defend itself in such situations only in some exceptional cases\u2014e.g., by blocking screenshot captures in Android.<\/jats:p>\n          <jats:p>\n            In this article, we propose a general mechanism for apps to defend themselves from any unwanted implicit or explicit interference from other concurrently running apps. Our AppVeto solution enables an app developer to easily configure an app\u2019s requirements for a\n            <jats:italic>safe<\/jats:italic>\n            environment; a foreground app can request the OS to\n            <jats:italic>disallow<\/jats:italic>\n            access\u2014i.e., to enable veto powers\u2014to selected side-channel-prone resources to\n            <jats:italic>all<\/jats:italic>\n            other running apps for a certain (short) duration, e.g., no access to the accelerometer during password input. In a sense, we enable a finer-grained access control policy than the current runtime permission model. We implement AppVeto on Android using the Xposed framework and Procedure Linkage Table\u00a0hooking techniques, without changing Android APIs. Furthermore, we show that AppVeto imposes negligible overhead, while being effective against several well-known side-channel attacks\u2014implemented via\n            <jats:italic>both<\/jats:italic>\n            Android Java and\/or Native APIs.\n          <\/jats:p>","DOI":"10.1145\/3416124","type":"journal-article","created":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T22:11:26Z","timestamp":1608675086000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Securing Applications against Side-channel Attacks through Resource Access Veto"],"prefix":"10.1145","volume":"1","author":[{"given":"Tousif","family":"Osman","sequence":"first","affiliation":[{"name":"Concordia University, Montreal, QC, Canada"}]},{"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[{"name":"Concordia University, Montreal, QC, Canada"}]},{"given":"Urs","family":"Hengartner","sequence":"additional","affiliation":[{"name":"University of Waterloo, Ontario, Canada"}]},{"given":"Amr","family":"Youssef","sequence":"additional","affiliation":[{"name":"Concordia University, Montreal, QC, Canada"}]}],"member":"320","published-online":{"date-parts":[[2020,12,22]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"The Shellcoder\u2019s Handbook: Discovering and Exploiting Security Holes","author":"Anley Chris","unstructured":"Chris Anley , John Heasman , Felix Lindner , and Gerardo Richarte . 2007. The Shellcoder\u2019s Handbook: Discovering and Exploiting Security Holes ( 2 nd ed.). Wiley . Chris Anley, John Heasman, Felix Lindner, and Gerardo Richarte. 2007. The Shellcoder\u2019s Handbook: Discovering and Exploiting Security Holes (2nd ed.). Wiley.","edition":"2"},{"key":"e_1_2_1_2_1","unstructured":"Apple Inc. 2020. About privacy and Location Services in iOS and iPadOS. Retrieved from https:\/\/support.apple.com\/en-us\/HT203033.  Apple Inc. 2020. About privacy and Location Services in iOS and iPadOS. Retrieved from https:\/\/support.apple.com\/en-us\/HT203033."},{"key":"e_1_2_1_3_1","unstructured":"Apple Inc. 2020. Requesting Permission-App Architecture-iOS-Human Interface Guidelines-Apple Developer. Retrieved from https:\/\/developer.apple.com\/design\/human-interface-guidelines\/ios\/app-architecture\/requesting-permission\/.  Apple Inc. 2020. Requesting Permission-App Architecture-iOS-Human Interface Guidelines-Apple Developer. Retrieved from https:\/\/developer.apple.com\/design\/human-interface-guidelines\/ios\/app-architecture\/requesting-permission\/."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC\u201912)","author":"Aviv Adam J.","unstructured":"Adam J. Aviv , Benjamin Sapp , Matt Blaze , and Jonathan M. Smith . 2012. Practicality of accelerometer side channels on smartphones . In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC\u201912) . 41--50. Adam J. Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M. Smith. 2012. Practicality of accelerometer side channels on smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC\u201912). 41--50."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201920)","author":"Ba Zhongjie","year":"2020","unstructured":"Zhongjie Ba , Tianhang Zheng , Xinyu Zhang , Zhan Qin , Baochun Li , Xue Liu , and Kui Ren . 2020 . Learning-based practical smartphone eavesdropping with built-in accelerometer . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201920) . Zhongjie Ba, Tianhang Zheng, Xinyu Zhang, Zhan Qin, Baochun Li, Xue Liu, and Kui Ren. 2020. Learning-based practical smartphone eavesdropping with built-in accelerometer. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201920)."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534778"},{"key":"e_1_2_1_7_1","unstructured":"caikelun. 2020. Android PLT hook overview. Retrieved from https:\/\/github.com\/iqiyi\/xHook\/blob\/master\/docs\/overview\/android_plt_hook_overview.zh-CN.md (in Chinese).  caikelun. 2020. Android PLT hook overview. Retrieved from https:\/\/github.com\/iqiyi\/xHook\/blob\/master\/docs\/overview\/android_plt_hook_overview.zh-CN.md (in Chinese)."},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201915)","author":"Demetriou Soteris","unstructured":"Soteris Demetriou , Zhou Xiaoyong , Muhammad Naveed , Yeonjoon Lee , Kan Yuan , XiaoFeng Wang , and Carl A. Gunter . 2015. What\u2019s in your dongle and bank account? Mandatory and discretionary protection of Android external resources . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201915) . Soteris Demetriou, Zhou Xiaoyong, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, and Carl A. Gunter. 2015. What\u2019s in your dongle and bank account? Mandatory and discretionary protection of Android external resources. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201915)."},{"key":"e_1_2_1_9_1","unstructured":"Ele7enxxh. 2020. Android ARM Inline Hook. http:\/\/ele7enxxh.com\/Android-Arm-Inline-Hook.html (in Chinese).  Ele7enxxh. 2020. Android ARM Inline Hook. http:\/\/ele7enxxh.com\/Android-Arm-Inline-Hook.html (in Chinese)."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335360"},{"key":"e_1_2_1_11_1","unstructured":"Google. 2020. Oboe. Retrieved from https:\/\/github.com\/google\/oboe.  Google. 2020. Oboe. Retrieved from https:\/\/github.com\/google\/oboe."},{"key":"e_1_2_1_12_1","unstructured":"Google Developers. 2019. Behavior changes: All apps. Retrieved from https:\/\/developer.android.com\/about\/versions\/pie\/android-9.0-changes-all.  Google Developers. 2019. Behavior changes: All apps. Retrieved from https:\/\/developer.android.com\/about\/versions\/pie\/android-9.0-changes-all."},{"key":"e_1_2_1_13_1","unstructured":"Google Developers. 2019. HAL interface. Retrieved from https:\/\/source.android.com\/devices\/sensors\/hal-interface.html.  Google Developers. 2019. HAL interface. Retrieved from https:\/\/source.android.com\/devices\/sensors\/hal-interface.html."},{"key":"e_1_2_1_14_1","unstructured":"Google Developers. 2019. Services overview. Retrieved from https:\/\/developer.android.com\/guide\/components\/services.html#Foreground.  Google Developers. 2019. Services overview. Retrieved from https:\/\/developer.android.com\/guide\/components\/services.html#Foreground."},{"key":"e_1_2_1_15_1","unstructured":"Google Developers. 2020. Android ABIs. Retrieved from https:\/\/developer.android.com\/ndk\/guides\/abis.  Google Developers. 2020. Android ABIs. Retrieved from https:\/\/developer.android.com\/ndk\/guides\/abis."},{"key":"e_1_2_1_16_1","unstructured":"Google Developers. 2020. Android NDK. Retrieved from https:\/\/developer.android.com\/ndk\/.  Google Developers. 2020. Android NDK. Retrieved from https:\/\/developer.android.com\/ndk\/."},{"key":"e_1_2_1_17_1","unstructured":"Google Developers. 2020. Android NDK Native APIs. Retrieved from https:\/\/developer.android.com\/ndk\/guides\/stable_apis.html.  Google Developers. 2020. Android NDK Native APIs. Retrieved from https:\/\/developer.android.com\/ndk\/guides\/stable_apis.html."},{"key":"e_1_2_1_18_1","unstructured":"Google Developers. 2020. API reference. Retrieved from https:\/\/developer.android.com\/reference.  Google Developers. 2020. API reference. Retrieved from https:\/\/developer.android.com\/reference."},{"key":"e_1_2_1_19_1","unstructured":"Google Developers. 2020. Developer Guides. Retrieved from https:\/\/developer.android.com\/guide\/.  Google Developers. 2020. Developer Guides. Retrieved from https:\/\/developer.android.com\/guide\/."},{"key":"e_1_2_1_20_1","unstructured":"Google Developers. 2020. Permissions overview. Retrieved from https:\/\/developer.android.com\/guide\/topics\/permissions\/overview.  Google Developers. 2020. Permissions overview. Retrieved from https:\/\/developer.android.com\/guide\/topics\/permissions\/overview."},{"key":"e_1_2_1_21_1","unstructured":"Google Developers. 2020. Platform Architecture. Retrieved from https:\/\/developer.android.com\/guide\/platform\/.  Google Developers. 2020. Platform Architecture. Retrieved from https:\/\/developer.android.com\/guide\/platform\/."},{"key":"e_1_2_1_22_1","unstructured":"Google Developers. 2020. Privacy changes in Android 10. Retrieved from https:\/\/developer.android.com\/about\/versions\/10\/privacy\/changes#app-access-device-location.  Google Developers. 2020. Privacy changes in Android 10. Retrieved from https:\/\/developer.android.com\/about\/versions\/10\/privacy\/changes#app-access-device-location."},{"key":"e_1_2_1_23_1","unstructured":"Google Developers. 2020. Privacy in Android 11. Retrieved from https:\/\/developer.android.com\/preview\/privacy.  Google Developers. 2020. Privacy in Android 11. Retrieved from https:\/\/developer.android.com\/preview\/privacy."},{"key":"e_1_2_1_24_1","unstructured":"Googlesource.com. 2019. core\/java\/android\/hardware\/SystemSensorManager.java-platform\/frameworks\/base-Git at Google. Retrieved from https:\/\/android.googlesource.com\/platform\/frameworks\/base\/+\/refs\/heads\/master\/core\/java\/android\/hardware\/SystemSensorManager.java#778.  Googlesource.com. 2019. core\/java\/android\/hardware\/SystemSensorManager.java-platform\/frameworks\/base-Git at Google. Retrieved from https:\/\/android.googlesource.com\/platform\/frameworks\/base\/+\/refs\/heads\/master\/core\/java\/android\/hardware\/SystemSensorManager.java#778."},{"key":"e_1_2_1_25_1","unstructured":"Googlesource.com. 2019. include\/hardware\/sensors.h-platform\/hardware\/libhardware-Git at Google. Retrieved from https:\/\/android.googlesource.com\/platform\/hardware\/libhardware\/+\/master\/include\/hardware\/sensors.h.  Googlesource.com. 2019. include\/hardware\/sensors.h-platform\/hardware\/libhardware-Git at Google. Retrieved from https:\/\/android.googlesource.com\/platform\/hardware\/libhardware\/+\/master\/include\/hardware\/sensors.h."},{"key":"e_1_2_1_26_1","unstructured":"Googlesource.com. 2020. Error.h. Retrieved from https:\/\/android.googlesource.com\/platform\/system\/core\/+\/refs\/heads\/master\/libutils\/include\/utils\/Errors.h.  Googlesource.com. 2020. Error.h. Retrieved from https:\/\/android.googlesource.com\/platform\/system\/core\/+\/refs\/heads\/master\/libutils\/include\/utils\/Errors.h."},{"key":"e_1_2_1_27_1","unstructured":"GToad. 2020. Android Native Hook tool practice. Retrieved from https:\/\/gtoad.github.io\/2018\/07\/06\/Android-Native-Hook-Practice\/ (in Chinese).  GToad. 2020. Android Native Hook tool practice. Retrieved from https:\/\/gtoad.github.io\/2018\/07\/06\/Android-Native-Hook-Practice\/ (in Chinese)."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484373"},{"key":"e_1_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Andrew Hoog. 2011. Chapter 6\u2014Android forensic techniques. In Android Forensics Andrew Hoog (Ed.). Syngress Boston 195--284. Retrieved from http:\/\/www.sciencedirect.com\/science\/article\/pii\/B9781597496513100068.  Andrew Hoog. 2011. Chapter 6\u2014Android forensic techniques. In Android Forensics Andrew Hoog (Ed.). Syngress Boston 195--284. Retrieved from http:\/\/www.sciencedirect.com\/science\/article\/pii\/B9781597496513100068.","DOI":"10.1016\/B978-1-59749-651-3.10006-8"},{"key":"e_1_2_1_30_1","volume-title":"Cyberspace Safety and Security","author":"Jiang Hongwei","unstructured":"Hongwei Jiang , Kai Yang , Lianfang Wang , Jinbao Gao , and Sikang Hu. 2019. A code protection scheme via inline hooking for Android applications . In Cyberspace Safety and Security . Springer , Cham , 102--116. Hongwei Jiang, Kai Yang, Lianfang Wang, Jinbao Gao, and Sikang Hu. 2019. A code protection scheme via inline hooking for Android applications. In Cyberspace Safety and Security. Springer, Cham, 102--116."},{"key":"e_1_2_1_31_1","volume-title":"Martin","author":"Jurafsky Dan","year":"2009","unstructured":"Dan Jurafsky and James H . Martin . 2009 . Speech and Language Processing: An Introduction to Natural Language Processing, Computational Linguistics, and Speech Recognition (2nd ed.). Pearson Prentice Hall . 988 pages. Dan Jurafsky and James H. Martin. 2009. Speech and Language Processing: An Introduction to Natural Language Processing, Computational Linguistics, and Speech Recognition (2nd ed.). Pearson Prentice Hall. 988 pages."},{"key":"e_1_2_1_32_1","unstructured":"Michael Kerrisk. 2010. The Linux Programming Interface a Linux und UNIX System Programming Handbook. No Starch Press.  Michael Kerrisk. 2010. The Linux Programming Interface a Linux und UNIX System Programming Handbook. No Starch Press."},{"key":"e_1_2_1_33_1","unstructured":"Khronos Group. 2020. OpenSL ES. Retrieved from https:\/\/www.khronos.org\/opensles\/.  Khronos Group. 2020. OpenSL ES. Retrieved from https:\/\/www.khronos.org\/opensles\/."},{"key":"e_1_2_1_34_1","volume-title":"Linkers 8 Loaders","author":"Levine John R.","unstructured":"John R. Levine . 1999. Linkers 8 Loaders ( 1 st ed.). Morgan Kaufmann . John R. Levine. 1999. Linkers 8 Loaders (1st ed.). Morgan Kaufmann.","edition":"1"},{"key":"e_1_2_1_35_1","unstructured":"M66B. 2020. XPrivacy. Retrieved from https:\/\/github.com\/M66B\/XPrivacy.  M66B. 2020. XPrivacy. Retrieved from https:\/\/github.com\/M66B\/XPrivacy."},{"key":"e_1_2_1_36_1","unstructured":"M66B. 2020. XPrivacyLua. Retrieved from https:\/\/github.com\/M66B\/XPrivacyLua.  M66B. 2020. XPrivacyLua. Retrieved from https:\/\/github.com\/M66B\/XPrivacyLua."},{"key":"e_1_2_1_37_1","unstructured":"MagiskRoot. 2020. Download Xposed for Android Pie 9.0. Retrieved from https:\/\/magiskroot.net\/download-xposed-for-android-pie\/.  MagiskRoot. 2020. Download Xposed for Android Pie 9.0. Retrieved from https:\/\/magiskroot.net\/download-xposed-for-android-pie\/."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307666"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523679"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313391"},{"key":"e_1_2_1_41_1","unstructured":"Oracle.com. 2020. ByteBuffer (Java Platform SE 7). Retrieved from https:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/nio\/ByteBuffer.html.  Oracle.com. 2020. ByteBuffer (Java Platform SE 7). Retrieved from https:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/nio\/ByteBuffer.html."},{"key":"e_1_2_1_42_1","unstructured":"Oracle.com. 2020. Java native interface specification. Retrieved from https:\/\/docs.oracle.com\/en\/java\/javase\/13\/docs\/specs\/jni\/intro.html.  Oracle.com. 2020. Java native interface specification. Retrieved from https:\/\/docs.oracle.com\/en\/java\/javase\/13\/docs\/specs\/jni\/intro.html."},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC\u201919)","author":"Osman Tousif","year":"2019","unstructured":"Tousif Osman , Mohammad Mannan , Urs Hengartner , and Amr Youssef . 2019 . AppVeto: Mobile application self-defense through resource access veto . In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC\u201919) . 366--377. Tousif Osman, Mohammad Mannan, Urs Hengartner, and Amr Youssef. 2019. AppVeto: Mobile application self-defense through resource access veto. In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC\u201919). 366--377."},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the 12th Workshop on Mobile Computing Systems 8 Applications (HotMobile\u201912)","author":"Owusu Emmanuel","year":"2012","unstructured":"Emmanuel Owusu , Jun Han , Sauvik Das , Adrian Perrig , and Joy Zhang . 2012 . ACCessory: Password inference using accelerometers on smartphones . In Proceedings of the 12th Workshop on Mobile Computing Systems 8 Applications (HotMobile\u201912) . 9:1--9:6. Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. 2012. ACCessory: Password inference using accelerometers on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems 8 Applications (HotMobile\u201912). 9:1--9:6."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818005"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766511"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046769"},{"key":"e_1_2_1_48_1","volume-title":"PINPOINT: Efficient and effective resource isolation for mobile security and privacy.","author":"Ratazzi Paul","year":"2019","unstructured":"Paul Ratazzi , Ashok Bommisetti , Nian Ji , and Wenliang Du . 2019 . PINPOINT: Efficient and effective resource isolation for mobile security and privacy. Retrieved from http:\/\/arxiv.org\/abs\/1901.07732. Paul Ratazzi, Ashok Bommisetti, Nian Ji, and Wenliang Du. 2019. PINPOINT: Efficient and effective resource isolation for mobile security and privacy. Retrieved from http:\/\/arxiv.org\/abs\/1901.07732."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3197231.3197236"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.06.013"},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the 9th ACM Conference on Security 8 Privacy in Wireless and Mobile Networks (WiSec\u201916)","author":"Shrestha Prakash","year":"2016","unstructured":"Prakash Shrestha , Manar Mohamed , and Nitesh Saxena . 2016 . Slogger: Smashing motion-based touchstroke logging with transparent system noise . In Proceedings of the 9th ACM Conference on Security 8 Privacy in Wireless and Mobile Networks (WiSec\u201916) . 67--77. Prakash Shrestha, Manar Mohamed, and Nitesh Saxena. 2016. Slogger: Smashing motion-based touchstroke logging with transparent system noise. In Proceedings of the 9th ACM Conference on Security 8 Privacy in Wireless and Mobile Networks (WiSec\u201916). 67--77."},{"key":"e_1_2_1_52_1","unstructured":"Ilia Shumailov Laurent Simon Jeff Yan and Ross Anderson. 2019. Hearing your touch: A new acoustic side channel on smartphones. Retrieved from http:\/\/arxiv.org\/abs\/1903.11137.  Ilia Shumailov Laurent Simon Jeff Yan and Ross Anderson. 2019. Hearing your touch: A new acoustic side channel on smartphones. Retrieved from http:\/\/arxiv.org\/abs\/1903.11137."},{"key":"e_1_2_1_53_1","unstructured":"Amit Kumar Sikder Giuseppe Petracca Hidayet Aksu Trent Jaeger and A. Selcuk Uluagac. 2018. A survey on sensor-based threats to Internet-of-Things (IoT) devices and applications. Retrieved from http:\/\/arxiv.org\/abs\/1802.02041.  Amit Kumar Sikder Giuseppe Petracca Hidayet Aksu Trent Jaeger and A. Selcuk Uluagac. 2018. A survey on sensor-based threats to Internet-of-Things (IoT) devices and applications. Retrieved from http:\/\/arxiv.org\/abs\/1802.02041."},{"key":"e_1_2_1_54_1","volume-title":"Proceedings of the 3rd ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices (SPSM\u201913)","author":"Simon Laurent","year":"2013","unstructured":"Laurent Simon and Ross Anderson . 2013 . PIN Skimmer: Inferring PINs through the camera and microphone . In Proceedings of the 3rd ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices (SPSM\u201913) . 67--78. Laurent Simon and Ross Anderson. 2013. PIN Skimmer: Inferring PINs through the camera and microphone. In Proceedings of the 3rd ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices (SPSM\u201913). 67--78."},{"key":"e_1_2_1_55_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201913)","author":"Smalley Stephen","year":"2013","unstructured":"Stephen Smalley and Robert Craig . 2013 . Security enhanced (SE) Android: Bringing flexible MAC to Android . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201913) . Stephen Smalley and Robert Craig. 2013. Security enhanced (SE) Android: Bringing flexible MAC to Android. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201913)."},{"key":"e_1_2_1_56_1","volume-title":"Proceedings of the IEEE Mobile Security Technologies Workshop (MoST\u201914)","author":"Song Yihang","year":"2014","unstructured":"Yihang Song , Madhur Kukreti , Rahul Rawat , and Urs Hengartner . 2014 . Two novel defenses against motion-based keystroke inference attacks . In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST\u201914) . Yihang Song, Madhur Kukreti, Rahul Rawat, and Urs Hengartner. 2014. Two novel defenses against motion-based keystroke inference attacks. In Proceedings of the IEEE Mobile Security Technologies Workshop (MoST\u201914)."},{"key":"e_1_2_1_57_1","volume-title":"Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices (SPSM\u201914)","author":"Spreitzer Raphael","year":"2014","unstructured":"Raphael Spreitzer . 2014 . PIN skimming: Exploiting the ambient-light sensor in mobile devices . In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices (SPSM\u201914) . 51--62. Raphael Spreitzer. 2014. PIN skimming: Exploiting the ambient-light sensor in mobile devices. In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices (SPSM\u201914). 51--62."},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2779824"},{"key":"e_1_2_1_59_1","unstructured":"Don Turner. 2019. Android Developers Blog: Capturing Audio in Android Q. Retrieved from https:\/\/android-developers.googleblog.com\/2019\/07\/capturing-audio-in-android-q.html.  Don Turner. 2019. Android Developers Blog: Capturing Audio in Android Q. Retrieved from https:\/\/android-developers.googleblog.com\/2019\/07\/capturing-audio-in-android-q.html."},{"key":"e_1_2_1_60_1","unstructured":"XDA Developers. 2020. Xposed Framework Hub. Retrieved from https:\/\/www.xda-developers.com\/xposed-framework-hub\/.  XDA Developers. 2020. Xposed Framework Hub. Retrieved from https:\/\/www.xda-developers.com\/xposed-framework-hub\/."},{"key":"e_1_2_1_61_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201919)","author":"Xu Fenghao","year":"2019","unstructured":"Fenghao Xu , Wenrui Diao , Zhou Li , Jiongyi Chen , and Kehuan Zhang . 2019 . BadBluetooth: Breaking Android security mechanisms via malicious Bluetooth peripherals . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201919) . Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. 2019. BadBluetooth: Breaking Android security mechanisms via malicious Bluetooth peripherals. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201919)."},{"key":"e_1_2_1_62_1","volume-title":"Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec\u201912)","author":"Xu Zhi","year":"2012","unstructured":"Zhi Xu , Kun Bai , and Sencun Zhu . 2012 . TapLogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors . In Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec\u201912) . 113--124. Zhi Xu, Kun Bai, and Sencun Zhu. 2012. TapLogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec\u201912). 113--124."},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699114"},{"key":"e_1_2_1_64_1","unstructured":"Karim Yaghmour. 2013. Embedded Android. O\u2019Reilly Media.  Karim Yaghmour. 2013. Embedded Android. O\u2019Reilly Media."},{"key":"e_1_2_1_65_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. 915--930","author":"Zhang N.","unstructured":"N. Zhang , K. Yuan , M. Naveed , X. Zhou , and X. Wang . 2015. Leave me alone: App-level protection against runtime information gathering on Android . In Proceedings of the IEEE Symposium on Security and Privacy. 915--930 . N. Zhang, K. Yuan, M. Naveed, X. Zhou, and X. Wang. 2015. Leave me alone: App-level protection against runtime information gathering on Android. In Proceedings of the IEEE Symposium on Security and Privacy. 915--930."},{"key":"e_1_2_1_66_1","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS\u201918)","author":"Zhou Man","year":"2018","unstructured":"Man Zhou , Qian Wang , Jingxiao Yang , Qi Li , Feng Xiao , Zhibo Wang , and Xiaofeng Chen . 2018 . PatternListener: Cracking Android pattern lock using acoustic signals . In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS\u201918) . 1775--1787. Man Zhou, Qian Wang, Jingxiao Yang, Qi Li, Feng Xiao, Zhibo Wang, and Xiaofeng Chen. 2018. PatternListener: Cracking Android pattern lock using acoustic signals. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS\u201918). 1775--1787."}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3416124","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3416124","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:21Z","timestamp":1750197681000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3416124"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,22]]},"references-count":66,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,12,31]]}},"alternative-id":["10.1145\/3416124"],"URL":"https:\/\/doi.org\/10.1145\/3416124","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"value":"2692-1626","type":"print"},{"value":"2576-5337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12,22]]},"assertion":[{"value":"2020-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-12-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}