What the App is That? Deception and Countermeasures in the Android User Interface

Explore the vulnerabilities in Android's user interface that can lead to deception and phishing attacks in this IEEE conference talk. Delve into a detailed analysis of how users can be misled into misidentifying apps, potentially exposing sensitive information to malicious actors. Discover various attack vectors, including novel techniques like non-escapable full screen overlays, that exploit limitations in Android's GUI. Learn about a two-layer defense system developed to combat these threats, comprising a market-level detection tool using static analysis and an on-device security indicator in the system navigation bar. Examine the results of a user study involving 308 participants, demonstrating the effectiveness of the proposed countermeasures in significantly improving users' ability to detect GUI-based attacks on Android devices.

What the App is That? Deception and Countermeasures in the Android User Interface