{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T13:40:38Z","timestamp":1763732438549,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":65,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,3]]},"DOI":"10.1145\/3680207.3723482","type":"proceedings-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T13:19:18Z","timestamp":1763731158000},"page":"407-421","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["WinSpy: Cross-window Side-channel Attacks on Android's Multi-window Mode"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-5160-0885","authenticated-orcid":false,"given":"Zeng","family":"Li","sequence":"first","affiliation":[{"name":"Shandong University, Jinan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4855-1912","authenticated-orcid":false,"given":"Chuan","family":"Yan","sequence":"additional","affiliation":[{"name":"The University of Queensland, Brisbane, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7090-1493","authenticated-orcid":false,"given":"Liuhuo","family":"Wan","sequence":"additional","affiliation":[{"name":"The University of Queensland, Brisbane, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7503-1137","authenticated-orcid":false,"given":"Hui","family":"Zhuang","sequence":"additional","affiliation":[{"name":"Shandong University, Qingdao, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7935-886X","authenticated-orcid":false,"given":"Pengfei","family":"Hu","sequence":"additional","affiliation":[{"name":"Shandong University, Qingdao, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6390-9890","authenticated-orcid":false,"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"The University of Queensland, Brisbane, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1385-1480","authenticated-orcid":false,"given":"Yiran","family":"Shen","sequence":"additional","affiliation":[{"name":"Shandong University, Jinan, China"}]}],"member":"320","published-online":{"date-parts":[[2025,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"APKPure.com 2024. APKPure. APKPure.com. https:\/\/apkpure.com\/app-24h Accessed on 2024-09-05."},{"key":"e_1_3_2_1_2_1","unstructured":"2024. The source code of WinSpy and additional evaluation results. https:\/\/github.com\/multiwindowmode\/WinSpy."},{"key":"e_1_3_2_1_3_1","unstructured":"2024. Top Websites - SimilarWeb. https:\/\/www.similarweb.com\/topwebsites\/ Accessed on 2024-09-05."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00066"},{"key":"e_1_3_2_1_5_1","volume-title":"2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC)","volume":"1","author":"AlJarrah Abeer","year":"2016","unstructured":"Abeer AlJarrah and Mohamed Shehab. 2016. Maintaining user interface integrity on Android. In 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), Vol. 1. IEEE, 449\u2013458."},{"key":"e_1_3_2_1_6_1","unstructured":"Android. [n. d.]. Android Normal Permission. https:\/\/developer.android.com\/guide\/topics\/permissions\/overview#normal. Accessed: 2024-09-05."},{"key":"e_1_3_2_1_7_1","unstructured":"Android. 2024. Android Multi-Resume. Android. https:\/\/source.android.com\/docs\/core\/display\/multi_display\/multi-resume"},{"key":"e_1_3_2_1_8_1","volume-title":"Market share of mobile operating systems worldwide from 2009 to","year":"2024","unstructured":"Android. 2024. Market share of mobile operating systems worldwide from 2009 to 2024, by quarter. Android. https:\/\/www.statista.com\/statistics\/272698\/global-market-share-held-by-mobile-operating-systems-since-2009\/"},{"key":"e_1_3_2_1_9_1","unstructured":"Android. 2024. Multi-window support. Android. https:\/\/developer.android.com\/guide\/topics\/large-screens\/multi-window-support"},{"key":"e_1_3_2_1_10_1","volume-title":"Sensors Rate Limiting. Android Developers. https:\/\/developer.android.com\/develop\/sensors-and-location\/sensors\/sensors_overview#sensors-rate-limiting Accessed: 09-03","year":"2024","unstructured":"Android. 2024. Sensors Rate Limiting. Android Developers. https:\/\/developer.android.com\/develop\/sensors-and-location\/sensors\/sensors_overview#sensors-rate-limiting Accessed: 09-03, 2024."},{"key":"e_1_3_2_1_11_1","volume-title":"Sensors Rate Limiting Parameter. Android Developers. https:\/\/developer.android.com\/reference\/android\/hardware\/SensorManager#SENSOR_DELAY_GAME Accessed: 09-05","year":"2024","unstructured":"Android. 2024. Sensors Rate Limiting Parameter. Android Developers. https:\/\/developer.android.com\/reference\/android\/hardware\/SensorManager#SENSOR_DELAY_GAME Accessed: 09-05, 2024."},{"key":"e_1_3_2_1_12_1","unstructured":"Android Developers. 2024. Android 7.0 for Developers. https:\/\/developer.android.com\/about\/versions\/nougat\/android-7.0 Accessed: 2024-09-05."},{"key":"e_1_3_2_1_13_1","unstructured":"Android Developers. 2024. App Sandbox. Available online. https:\/\/source.android.com\/docs\/security\/app-sandbox Accessed: 2024-09-05."},{"key":"e_1_3_2_1_14_1","unstructured":"Android Developers. 2024. Processes and Threads. Available online. https:\/\/developer.android.com\/guide\/components\/processes-and-threads Accessed: 2024-09-05."},{"key":"e_1_3_2_1_15_1","unstructured":"AppBrain. 2023. The most common Android OS versions currently installed on Android devices (phones and tablets) used by AppBrain SDK users. https:\/\/www.appbrain.com\/stats\/top-android-sdk-versions"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420957"},{"key":"e_1_3_2_1_17_1","volume-title":"Side channels enabled by smartphone interaction. Ph. D. Dissertation. Ph. D. dissertation","author":"Aviv Adam J","unstructured":"Adam J Aviv and Jonathan M Smith. 2012. Side channels enabled by smartphone interaction. Ph. D. Dissertation. Ph. D. dissertation, Pennsylvania State University."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24076"},{"key":"e_1_3_2_1_19_1","unstructured":"Daniel Bader. 2018. Multi-Window on phones is the best Android feature you're probably not using. https:\/\/www.androidcentral.com\/multi-window-phones-best-android-features Accessed: 2024-09-05."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.62"},{"key":"e_1_3_2_1_21_1","volume-title":"6th USENIX Workshop on Hot Topics in Security (HotSec 11)","author":"Cai Liang","year":"2011","unstructured":"Liang Cai and Hao Chen. 2011. {TouchLogger}: Inferring Keystrokes on Touch Screen from Smartphone Motion. In 6th USENIX Workshop on Hot Topics in Security (HotSec 11)."},{"key":"e_1_3_2_1_22_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Chen Qi Alfred","year":"2014","unstructured":"Qi Alfred Chen, Zhiyun Qian, and Z Morley Mao. 2014. Peeking into your app without actually seeing it:{UI} state inference and novel android attacks. In 23rd USENIX Security Symposium (USENIX Security 14). 1037\u20131052."},{"key":"e_1_3_2_1_23_1","volume-title":"IEEE INFOCOM 2017-IEEE Conference on Computer Communications. IEEE, 1\u20139.","author":"Chen Yimin","year":"2017","unstructured":"Yimin Chen, Xiaocong Jin, Jingchao Sun, Rui Zhang, and Yanchao Zhang. 2017. POWERFUL: Mobile app fingerprinting via power analysis. In IEEE INFOCOM 2017-IEEE Conference on Computer Communications. IEEE, 1\u20139."},{"key":"e_1_3_2_1_24_1","volume-title":"Foldable Devices and App Development: Glimpse of Future","year":"2023","unstructured":"Codiant. 2023. Foldable Devices and App Development: Glimpse of Future 2023. https:\/\/codiant.com\/blog\/foldable-devices-and-app-development-in-future\/ Accessed: 2024-09-05."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485902"},{"key":"e_1_3_2_1_26_1","unstructured":"Android Developers. 2024. Performance Overview. https:\/\/developer.android.com\/topic\/performance\/overview. Accessed: 2024-09-05."},{"key":"e_1_3_2_1_27_1","unstructured":"Android Developers. 2024. Performance Threads. https:\/\/developer.android.com\/topic\/performance\/threads. Accessed: 2024-09-05."},{"key":"e_1_3_2_1_28_1","unstructured":"Android Developers. 2024. Processes and Threads. https:\/\/developer.android.com\/guide\/components\/processes-and-threads. Accessed: 2024-09-05."},{"key":"e_1_3_2_1_29_1","unstructured":"Android Developers. 2024. Sensors Overview. https:\/\/developer.android.com\/develop\/sensors-and-location\/sensors\/sensors_overview#only-gather-sensor-data-in-the-foreground. Accessed: 2024-09-05."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567979"},{"key":"e_1_3_2_1_31_1","unstructured":"Rubens Eishima. 2022. Multi-tasking on Android: How to use split-screen mode. https:\/\/www.nextpit.com\/how-to-split-screen-android-devices Accessed: 2024-09-05."},{"key":"e_1_3_2_1_32_1","unstructured":"Marvin Gabriel. 2023. HUAWEI Mate X3: The Best Foldable Smartphone There Is. https:\/\/techbroll.com\/2023\/05\/huawei-mate-x3-the-best-foldable-smartphone-there-is.html Accessed: 2024-09-05."},{"key":"e_1_3_2_1_33_1","unstructured":"Google. 2024. Android Developers - Activity Lifecycle. https:\/\/developer.android.com\/guide\/components\/activities\/process-lifecycle"},{"key":"e_1_3_2_1_34_1","volume-title":"IEEE Transactions on Dependable and Secure Computing","author":"Guo Chenkai","year":"2025","unstructured":"Chenkai Guo, Tianhong Wang, Qianlu Wang, Naipeng Dong, Xiangyang Luo, and Zheli Liu. 2025. Fratricide! Hijacking in Android Multi-window. IEEE Transactions on Dependable and Secure Computing (2025)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833716"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484733"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416547"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897905"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2794984"},{"key":"e_1_3_2_1_40_1","volume-title":"2017 32nd IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE, 263\u2013273","author":"Mathis Bj\u00f6rn","year":"2017","unstructured":"Bj\u00f6rn Mathis, Vitalii Avdiienko, Ezekiel O Soremekun, Marcel B\u00f6hme, and Andreas Zeller. 2017. Detecting information flow by mutating input data. In 2017 32nd IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE, 263\u2013273."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society. 135\u2013149","author":"Matyunin Nikolay","year":"2019","unstructured":"Nikolay Matyunin, Yujue Wang, Tolga Arul, Kristian Kullmann, Jakub Szefer, and Stefan Katzenbeisser. 2019. Magneticspy: Exploiting magnetometer in mobile devices for website and application fingerprinting. In Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society. 135\u2013149."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307666"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243831"},{"key":"e_1_3_2_1_44_1","unstructured":"Gadgets Now. 2020. How to use the multi-window feature on Android smartphones. https:\/\/www.gadgetsnow.com\/how-to\/how-to-use-the-multi-window-feature-on-android-smartphones\/articleshow\/77200949.cms Accessed: 2024-09-05."},{"key":"e_1_3_2_1_45_1","volume-title":"proceedings of the twelfth workshop on mobile computing systems & applications. 1\u20136.","author":"Owusu Emmanuel","year":"2012","unstructured":"Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. 2012. Accessory: password inference using accelerometers on smart-phones. In proceedings of the twelfth workshop on mobile computing systems & applications. 1\u20136."},{"key":"e_1_3_2_1_46_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Paccagnella Riccardo","year":"2021","unstructured":"Riccardo Paccagnella, Licheng Luo, and Christopher W Fletcher. 2021. Lord of the ring (s): Side channel attacks on the {CPU}{On-Chip} ring interconnect are practical. In 30th USENIX Security Symposium (USENIX Security 21). 645\u2013662."},{"key":"e_1_3_2_1_47_1","volume-title":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE","author":"Palfinger Gerald","year":"2020","unstructured":"Gerald Palfinger, Bernd Pr\u00fcnster, and Dominik Julian Ziegler. 2020. Androtime: Identifying timing side channels in the android api. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 1849\u20131856."},{"key":"e_1_3_2_1_48_1","first-page":"261","article-title":"Handwriting trajectory reconstruction using low-cost imu","volume":"3","author":"Pan Tse-Yu","year":"2018","unstructured":"Tse-Yu Pan, Chih-Hsuan Kuo, Hou-Tim Liu, and Min-Chun Hu. 2018. Handwriting trajectory reconstruction using low-cost imu. IEEE Transactions on Emerging Topics in Computational Intelligence 3, 3 (2018), 261\u2013270.","journal-title":"IEEE Transactions on Emerging Topics in Computational Intelligence"},{"key":"e_1_3_2_1_49_1","unstructured":"Chuangang Ren Peng Liu and Sencun Zhu. 2017. WindowGuard: Systematic Protection of GUI Security in Android.. In NDSS."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3356250.3361939"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 749\u2013763","author":"Spreitzer Raphael","year":"2018","unstructured":"Raphael Spreitzer, Felix Kirchengast, Daniel Gruss, and Stefan Mangard. 2018. Procharvester: Fully automated analysis of procfs side-channel leaks on android. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 749\u2013763."},{"key":"e_1_3_2_1_52_1","unstructured":"statistics. 2024. Monthly active users of Alipay. statistics. https:\/\/www.statista.com\/statistics\/1395691\/china-alipay-monthly-active-users\/"},{"key":"e_1_3_2_1_53_1","unstructured":"statistics. 2024. Most popular global mobile messenger apps. statistics. https:\/\/www.statista.com\/statistics\/258749\/most-popular-global-mobile-messenger-apps\/"},{"key":"e_1_3_2_1_54_1","volume-title":"Fingerprint-jacking: Practical fingerprint authorization hijacking in Android apps. Blackhat, Europe, Tech. Rep. Blackhat 2020","author":"Wang Xianbo","year":"2020","unstructured":"Xianbo Wang, Yikang Chen, Ronghai Yang, Shangcheng Shi, and Wing Cheong Lau. 2020. Fingerprint-jacking: Practical fingerprint authorization hijacking in Android apps. Blackhat, Europe, Tech. Rep. Blackhat 2020 (2020)."},{"key":"e_1_3_2_1_55_1","volume-title":"2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 125\u2013137","author":"Wei Junyi","year":"2020","unstructured":"Junyi Wei, Yicheng Zhang, Zhe Zhou, Zhou Li, and Mohammad Abdullah Al Faruque. 2020. Leaky dnn: Stealing deep-learning model secret with gpu context-switching side-channel. In 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 125\u2013137."},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. 113\u2013124","author":"Xu Zhi","year":"2012","unstructured":"Zhi Xu, Kun Bai, and Sencun Zhu. 2012. Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. 113\u2013124."},{"key":"e_1_3_2_1_57_1","first-page":"1108","article-title":"The feasibility of injecting inaudible voice commands to voice assistants","volume":"18","author":"Yan Chen","year":"2019","unstructured":"Chen Yan, Guoming Zhang, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu. 2019. The feasibility of injecting inaudible voice commands to voice assistants. IEEE Transactions on Dependable and Secure Computing 18, 3 (2019), 1108\u20131124.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of the 7th Asia-Pacific Symposium on Internetware. 30\u201338","author":"Yan Lin","year":"2015","unstructured":"Lin Yan, Yao Guo, Xiangqun Chen, and Hong Mei. 2015. A study on power side channels on mobile devices. In Proceedings of the 7th Asia-Pacific Symposium on Internetware. 30\u201338."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2639446"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897897"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2954003"},{"key":"e_1_3_2_1_62_1","volume-title":"USENIX Security Symposium","volume":"20","author":"Zhang Kehuan","year":"2009","unstructured":"Kehuan Zhang and XiaoFeng Wang. 2009. Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems.. In USENIX Security Symposium, Vol. 20. 23."},{"key":"e_1_3_2_1_63_1","volume-title":"2015 IEEE Symposium on Security and Privacy. IEEE, 915\u2013930","author":"Zhang Nan","year":"2015","unstructured":"Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou, and XiaoFeng Wang. 2015. Leave me alone: App-level protection against runtime information gathering on android. In 2015 IEEE Symposium on Security and Privacy. IEEE, 915\u2013930."},{"key":"e_1_3_2_1_64_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Zhang Yicheng","year":"2023","unstructured":"Yicheng Zhang, Carter Slocum, Jiasi Chen, and Nael Abu-Ghazaleh. 2023. It's all in your head (set): Side-channel attacks on {AR\/VR} systems. In 32nd USENIX Security Symposium (USENIX Security 23). 3979\u20133996."},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 1017\u20131028","author":"Zhou Xiaoyong","year":"2013","unstructured":"Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Carl A Gunter, and Klara Nahrstedt. 2013. Identity, location, disease and more: Inferring your secrets from android public resources. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 1017\u20131028."}],"event":{"name":"ACM MOBICOM '25: 31st Annual International Conference on Mobile Computing and Networking","location":"Kerry Hotel, Hong Kong Hong Kong China","acronym":"ACM MOBICOM '25","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing"]},"container-title":["Proceedings of the 31st Annual International Conference on Mobile Computing and Networking"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3680207.3723482","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T13:24:34Z","timestamp":1763731474000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3680207.3723482"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,3]]},"references-count":65,"alternative-id":["10.1145\/3680207.3723482","10.1145\/3680207"],"URL":"https:\/\/doi.org\/10.1145\/3680207.3723482","relation":{},"subject":[],"published":{"date-parts":[[2025,11,3]]},"assertion":[{"value":"2025-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}