{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,8,24]],"date-time":"2022-08-24T13:12:31Z","timestamp":1661346751642},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2018,6,5]],"date-time":"2018-06-05T00:00:00Z","timestamp":1528156800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2018,12]]},"DOI":"10.1186\/s42400-018-0007-6","type":"journal-article","created":{"date-parts":[[2018,5,29]],"date-time":"2018-05-29T01:58:05Z","timestamp":1527559085000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes"],"prefix":"10.1186","volume":"1","author":[{"given":"Chen","family":"Tian","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yazhe","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qihui","family":"Zhou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chengyi","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,6,5]]},"reference":[{"issue":"6","key":"7_CR1","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1145\/360825.360855","volume":"18","author":"AV Aho","year":"1975","unstructured":"Aho, AV, Corasick MJ (1975) Efficient string matching: an aid to bibliographic search. Commun ACM 18(6):333\u2013340.","journal-title":"Commun ACM"},{"key":"7_CR2","unstructured":"Akhawe, D, He W, Li Z, Moazzezi R, Song D (2014) Clickjacking revisited: A perceptual view of ui security. Usenix Conference on Offensive Technologies. USENIX Association."},{"key":"7_CR3","first-page":"41","volume-title":"Proceeding ACSAC \u201912 Proceedings of the 28th Annual Computer Security Applications Conference","author":"AJ Aviv","year":"2012","unstructured":"Aviv, AJ, Sapp B, Blaze M, Smith JM (2012) Practicality of accelerometer side channels on smartphones In: Proceeding ACSAC \u201912 Proceedings of the 28th Annual Computer Security Applications Conference, 41\u201350.. ACM, Orlando."},{"key":"7_CR4","first-page":"90","volume-title":"ACM Sigsac Conference on Computer and Communications Security","author":"AM Azab","year":"2014","unstructured":"Azab, AM, Ning P, Shah J, Chen Q, Bhutkar R, Ganesh G, Ma J, Shen W (2014) Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world In: ACM Sigsac Conference on Computer and Communications Security, 90\u2013102.. ACM, Scottsdale."},{"key":"7_CR5","first-page":"915","volume-title":"2015 IEEE Symposium on Security and Privacy","author":"A Bianchi","year":"2015","unstructured":"Bianchi, A, Corbetta J, Invernizzi L, Fratantonio Y, Kruegel C, Vigna G (2015) What the app is that? Deception and Countermeasures in the Android User Interface In: 2015 IEEE Symposium on Security and Privacy, 915\u2013930.. IEEE, San Jose."},{"key":"7_CR6","unstructured":"Braden, WW (1969) Random common sentences. http:\/\/www.englishinuse.net\/ . Accessed Aug 2016."},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Brasser, F, Kim D, Liebchen C, Ganapathy V, Iftode L, Sadeghi AR (2016) Regulating ARM TrustZone Devices in Restricted Spaces. International Conference on Mobile Systems, Applications, and Services, 413\u2013425.. ACM, Singapore.","DOI":"10.1145\/2906388.2906390"},{"key":"7_CR8","first-page":"675","volume-title":"Proceeding SEC\u201915 Proceedings of the 24th USENIX Conference on Security Symposium","author":"J Chen","year":"2015","unstructured":"Chen, J, Chen H, Bauman E, Lin Z, Zang B, Guan H (2015) You shouldn\u2019t collect my secrets: thwarting sensitive keystroke leakage in mobile ime apps In: Proceeding SEC\u201915 Proceedings of the 24th USENIX Conference on Security Symposium, 675\u2013690.. USENIX Association, Washington, D.C."},{"key":"7_CR9","unstructured":"Cox, LP, Gilbert P, Lawler G, Pistol V, Razeen A, Wu B, Cheemalapati S (2014) Spandex: Secure password tracking for android. Usenix Conference on Security Symposium. USENIX Association."},{"key":"7_CR10","first-page":"393","volume-title":"Usenix Conference on Operating Systems Design & Implementation","author":"W Enck","year":"2010","unstructured":"Enck, W, Gilbert P, Chun BG, Cox LP, Jung J, Mcdaniel P, Sheth AN (2010) Taintdroid: an information flow tracking system for real-time privacy monitoring on smartphones In: Usenix Conference on Operating Systems Design & Implementation, 393\u2013407.. USENIX Association, Vancouver."},{"key":"7_CR11","unstructured":"Google (2007) Number of available applications in the google play. https:\/\/www.statista.com\/statistics\/266210\/number-of-available-applications-in-the-google-play-store\/ . Accessed Nov 2017."},{"key":"7_CR12","unstructured":"Horn, J (2014) Cve-2014-7911: Privilege escalation using objectinputstream. https:\/\/www.reddit.com\/r\/netsec\/comments\/2mr9cz\/cve20147911_android_50_privilege_escalation_using\/ . Accessed Nov 2014."},{"key":"7_CR13","first-page":"977","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"J Huang","year":"2015","unstructured":"Huang, J, Li Z, Xiao X, Wu Z, Lu K, Zhang X, Jiang G (2015a) SUPOR: Precise and scalable sensitive user input detection for android apps. Usenix Conference on Security Symposium In: 24th USENIX Security Symposium (USENIX Security 15), 977\u2013992.. USENIX Association, Washington, D.C."},{"key":"7_CR14","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813606","volume-title":"From system services freezing to system server shutdown in android: All you need is a loop in an app. ACM Sigsac Conference on Computer and Communications Security","author":"H Huang","year":"2015","unstructured":"Huang, H, Zhu S, Chen K, Liu P (2015b) From system services freezing to system server shutdown in android: All you need is a loop in an app. ACM Sigsac Conference on Computer and Communications Security. ACM, Denver."},{"key":"7_CR15","unstructured":"InputConnection. Android Developer. https:\/\/developer.android.com\/reference\/android\/view\/inputmethod\/InputConnection.html\/ . Accessed Nov 2016."},{"key":"7_CR16","unstructured":"InputMethodManager (2016) The reference of android developer. https:\/\/developer.android.com\/reference\/android\/view\/inputmethod\/InputMethodManager.html . Accessed Nov 2016."},{"key":"7_CR17","volume-title":"SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment. Network and Distributed System Security Symposium","author":"J Jang","year":"2015","unstructured":"Jang, J, Kong S, Kim M, Kim D, Kang BB (2015) SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment. Network and Distributed System Security Symposium. The Internet Society, San Diego."},{"key":"7_CR18","unstructured":"John, LK, Eeckhout L (2005) Caffeinemark 3.0. http:\/\/www.benchmarkhq.ru\/cm30\/info.html . Accessed Nov 2016."},{"key":"7_CR19","volume-title":"DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation. Network and Distributed System Security Symposium, NDSS","author":"MG Kang","year":"2011","unstructured":"Kang, MG, Mccamant S, Poosankam P, Song D (2011) DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation. Network and Distributed System Security Symposium, NDSS. The Internet Society, San Diego."},{"key":"7_CR20","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1145\/2742647.2742676","volume-title":"MobiSys \u201915 Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services","author":"W Li","year":"2015","unstructured":"Li, W, Li H, Chen H, Xia Y (2015) Adattester: Secure online mobile advertisement attestation using trustzone In: MobiSys \u201915 Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, 75\u201388.. ACM, Florence."},{"key":"7_CR21","volume-title":"Screenmilker: How to Milk Your Android Screen for Secrets. Network and Distributed System Security Symposium","author":"CC Lin","year":"2014","unstructured":"Lin, CC, Li H, Zhou XY, Wang XF (2014) Screenmilker: How to Milk Your Android Screen for Secrets. Network and Distributed System Security Symposium. The Internet Society, San Diego."},{"key":"7_CR22","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1145\/2462456.2465425","volume-title":"Proceeding of the, International Conference on Mobile Systems, Applications, and Services","author":"D Liu","year":"2013","unstructured":"Liu, D, Cuervo E, Pistol V, Scudellari R, Cox LP (2013) ScreenPass: secure password entry on touchscreen devices In: Proceeding of the, International Conference on Mobile Systems, Applications, and Services, 291\u2013304.. ACM, Taipei."},{"key":"7_CR23","volume-title":"Smartphones as Practical and Secure Location Verification Tokens for Payments. Network and Distributed System Security Symposium","author":"C Marforio","year":"2014","unstructured":"Marforio, C, Karapanos N, Soriente C, Kostiainen K, \u010capkun S (2014) Smartphones as Practical and Secure Location Verification Tokens for Payments. Network and Distributed System Security Symposium. The Internet Society, San Diego."},{"key":"7_CR24","volume-title":"Side-channel attacks on mobile and wearable systems. IEEE Consumer Communications & NETWORKING Conference","author":"A Nahapetian","year":"2016","unstructured":"Nahapetian, A (2016) Side-channel attacks on mobile and wearable systems. IEEE Consumer Communications & NETWORKING Conference. IEEE, Las Vegas."},{"key":"7_CR25","first-page":"945","volume-title":"Usenix Conference on Security Symposium","author":"C Ren","year":"2015","unstructured":"Ren, C, Zhang Y, Xue H, et al (2015) Towards discovering and understanding task hijacking in android In: Usenix Conference on Security Symposium, 945\u2013959.. USENIX Association, Washington, D.C."},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Shao, Y, Ott J, Chen QA, Qian Z, Mao ZM (2016) Kratos: Discovering inconsistent security policy enforcement in the android framework In: Proc. 23rd Annual Network and Distributed System Security Symposium (NDSS\u201916). ISOC.","DOI":"10.14722\/ndss.2016.23046"},{"issue":"2","key":"7_CR27","doi-asserted-by":"publisher","first-page":"961","DOI":"10.1109\/SURV.2013.101613.00077","volume":"16","author":"G Suarez-Tangil","year":"2013","unstructured":"Suarez-Tangil, G, Tapiador JE, Peris-Lopez P, Ribagorda A (2013) Evolution, detection and analysis of malware for smart devices. IEEE Commun Surv Tutor 16(2):961\u2013987.","journal-title":"IEEE Commun Surv Tutor"},{"key":"7_CR28","first-page":"976","volume-title":"ACM Sigsac Conference on Computer and Communications Security","author":"H Sun","year":"2015","unstructured":"Sun, H, Sun K, Wang Y, Jing J (2015a) TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens In: ACM Sigsac Conference on Computer and Communications Security, 976\u2013988.. ACM, Denver."},{"key":"7_CR29","volume-title":"TrustDump: Reliable Memory Acquisition on Smartphones. European Symposium on Research in Computer Security","author":"H Sun","year":"2014","unstructured":"Sun, H, Sun K, Wang Y, Jing J, Jajodia S (2014) TrustDump: Reliable Memory Acquisition on Smartphones. European Symposium on Research in Computer Security. Springer, Wroclaw."},{"key":"7_CR30","first-page":"367","volume-title":"Ieee\/ifip International Conference on Dependable Systems and Networks","author":"H Sun","year":"2015","unstructured":"Sun, H, Sun K, Wang Y, Jing J, Wang H (2015b) Trustice: Hardware-assisted isolated computing environments on mobile devices In: Ieee\/ifip International Conference on Dependable Systems and Networks, 367\u2013378.. IEEE Computer Society, Rio de Janeiro."},{"key":"7_CR31","unstructured":"trustonicTrustzone, tee and trusted video path implementation. http:\/\/www.arm.com\/files\/event\/Developer_Track_6_TrustZone_TEEs_and_Trusted_Video_Path_implementation . considerations.pdf. Accessed Nov 2016."},{"key":"7_CR32","unstructured":"Windowmanager. Android Developer. https:\/\/developer.android.com\/reference\/android\/view\/WindowManager.html\/ . Accessed Nov 2016."},{"key":"7_CR33","doi-asserted-by":"publisher","first-page":"915","DOI":"10.1109\/SP.2015.61","volume-title":"2015 IEEE Symposium on Security and Privacy","author":"N Zhang","year":"2015","unstructured":"Zhang, N, Yuan K, Naveed M, Zhou X, Wang XF (2015) Leave me alone: App-level protection against runtime information gathering on android In: 2015 IEEE Symposium on Security and Privacy, 915\u2013930.. IEEE, San Jose."},{"key":"7_CR34","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1109\/SP.2012.16","volume-title":"2012 IEEE Symposium on Security and Privacy","author":"Y Zhou","year":"2012","unstructured":"Zhou, Y, Jiang X (2012) Dissecting android malware: Characterization and evolution In: 2012 IEEE Symposium on Security and Privacy, 95\u2013109.. IEEE, San Francisco."},{"key":"7_CR35","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1109\/SP.2012.42","volume-title":"2012 IEEE Symposium on Security and Privacy","author":"Z Zhou","year":"2012","unstructured":"Zhou, Z, Gligor VD, Newsome J, McCune JM (2012) Building verifiable trusted path on commodity x86 computers In: 2012 IEEE Symposium on Security and Privacy, 616\u2013630.. IEEE, San Francisco."}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-018-0007-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s42400-018-0007-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-018-0007-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,24]],"date-time":"2022-08-24T12:28:48Z","timestamp":1661344128000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-018-0007-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,6,5]]},"references-count":35,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,12]]}},"alternative-id":["7"],"URL":"https:\/\/doi.org\/10.1186\/s42400-018-0007-6","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,6,5]]},"assertion":[{"value":"4 January 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 April 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 June 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"5"}}