Android keylogging threat

Author

Mohsen, Fadi ; Shehab, Mohamed

Author_Institution

Dept. of Software & Inf. Syst., Univ. of North Carolina at Charlotte, Charlotte, NC, USA

fYear

2013

fDate

20-23 Oct. 2013

Firstpage

545

Lastpage

552

Abstract

The openness of Android platform has attracted users, developers and attackers. Android offers bunch of capabilities and flexibilities, for instance, developers can write their own keyboard service-similar to Android soft keyboards-using the KeyboardView class. This class is available since api level 3.0 and can be part of the layout of an activity. Users prefer to download and install third-party keyboards that offer better experience and capabilities. However, there are security risks related to users installing and using these custom keyboards. Attackers can build or take advantage of existing third-party keyboards to create keyloggers to spy on smartphones users. Third-party keyboard once activated would substitute the Android standard keyboard, so all keys events pass this app. As results, many attacks can be launched identified by the permissions granted to these apps. The objective of this paper is to present these attacks, analyze their causes, and provide possible solutions.

Keywords

Android (operating system); mobile computing; security of data; Android keylogging threat; Android platform; Android soft keyboards; Android standard keyboard; KeyboardView class; security risks; third-party keyboards; Androids; Humanoid robots; Keyboards; Malware; Mobile communication; Smart phones; Software; keyboard logging; mobile apps; mobile security;

fLanguage

English

Publisher

ieee

Conference_Titel

Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference Conference on

Conference_Location

Austin, TX

Type

conf

Filename

6680023