Research Article
Android Keylogging Threat
@INPROCEEDINGS{10.4108/icst.collaboratecom.2013.254209, author={Fadi Mohsen and Mohamed Shehab}, title={Android Keylogging Threat}, proceedings={The 8th IEEE International Workshop on Trusted Collaboration}, publisher={ICST}, proceedings_a={TRUSTCOL}, year={2013}, month={11}, keywords={mobile security mobile apps keyboard logging}, doi={10.4108/icst.collaboratecom.2013.254209} }- Fadi Mohsen
Mohamed Shehab
Year: 2013
Android Keylogging Threat
TRUSTCOL
ICST
DOI: 10.4108/icst.collaboratecom.2013.254209
Abstract
The openness of Android platform has attracted users, developers and attackers. Android offers bunch of capabilities and flexibilities, for instance, developers can write their own keyboard service-similar to Android soft keyboards-using the KeyboardView class. This class is available since api level 3.0 and can be part of the layout of an activity. Users prefer to download and install third-party keyboards that offer better experience and capabilities. However, there are security risks related to users installing and using these custom keyboards. Attackers can build or take advantage of existing third-party keyboards to create keyloggers to spy on smartphones users. Third-party keyboard once activated would substitute the Android standard keyboard, so all keys events pass this app. As results, many attacks can be launched identified by the permissions granted to these apps. The objective of this paper is to present these attacks, analyze their causes, and provide possible solutions.
