The 8th IEEE International Workshop on Trusted Collaboration

Research Article

Android Keylogging Threat

Download737 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2013.254209,
        author={Fadi Mohsen and Mohamed Shehab},
        title={Android Keylogging Threat},
        proceedings={The 8th IEEE International Workshop on Trusted Collaboration},
        publisher={ICST},
        proceedings_a={TRUSTCOL},
        year={2013},
        month={11},
        keywords={mobile security mobile apps keyboard logging},
        doi={10.4108/icst.collaboratecom.2013.254209}
    }
    
  • Fadi Mohsen
    Mohamed Shehab
    Year: 2013
    Android Keylogging Threat
    TRUSTCOL
    ICST
    DOI: 10.4108/icst.collaboratecom.2013.254209
Fadi Mohsen1, Mohamed Shehab1,*
  • 1: UNC Charlotte
*Contact email: mshehab@uncc.edu

Abstract

The openness of Android platform has attracted users, developers and attackers. Android offers bunch of capabilities and flexibilities, for instance, developers can write their own keyboard service-similar to Android soft keyboards-using the KeyboardView class. This class is available since api level 3.0 and can be part of the layout of an activity. Users prefer to download and install third-party keyboards that offer better experience and capabilities. However, there are security risks related to users installing and using these custom keyboards. Attackers can build or take advantage of existing third-party keyboards to create keyloggers to spy on smartphones users. Third-party keyboard once activated would substitute the Android standard keyboard, so all keys events pass this app. As results, many attacks can be launched identified by the permissions granted to these apps. The objective of this paper is to present these attacks, analyze their causes, and provide possible solutions.