Title :
Android keylogging threat
Author :
Mohsen, Fadi ; Shehab, Mohamed
Author_Institution :
Dept. of Software & Inf. Syst., Univ. of North Carolina at Charlotte, Charlotte, NC, USA
Abstract :
The openness of Android platform has attracted users, developers and attackers. Android offers bunch of capabilities and flexibilities, for instance, developers can write their own keyboard service-similar to Android soft keyboards-using the KeyboardView class. This class is available since api level 3.0 and can be part of the layout of an activity. Users prefer to download and install third-party keyboards that offer better experience and capabilities. However, there are security risks related to users installing and using these custom keyboards. Attackers can build or take advantage of existing third-party keyboards to create keyloggers to spy on smartphones users. Third-party keyboard once activated would substitute the Android standard keyboard, so all keys events pass this app. As results, many attacks can be launched identified by the permissions granted to these apps. The objective of this paper is to present these attacks, analyze their causes, and provide possible solutions.
Keywords :
Android (operating system); mobile computing; security of data; Android keylogging threat; Android platform; Android soft keyboards; Android standard keyboard; KeyboardView class; security risks; third-party keyboards; Androids; Humanoid robots; Keyboards; Malware; Mobile communication; Smart phones; Software; keyboard logging; mobile apps; mobile security;
Conference_Titel :
Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference Conference on
Conference_Location :
Austin, TX
