Maintaining User Interface Integrity on Android

The demand of having a multi-window and multi-tasking option in Android devices has been an emerging topic among Android users, especially with the trends toward larger hand-held screen sizes. One option to meet this demand, is to use floating windows. This feature enables users to perform more than one task at the same time while sharing the same screen. Device screens can be divided into multiple windows that can have different visual features in terms of size, location and transparency. While this feature addresses user complaints about Android on large screen devices, attention must be given to the security implications of such an option. In this work, we demonstrate how the current implementation of floating windows on Android can be abused to compromise user interface integrity through several attacks such as tapjacking, event eavesdropping and eventhijacking. Although previous versions of Android have evolved to handle the issue of eventhijacking enabled by Toasts, recent versions fail to address security concerns related to floating windows. We propose and describe two approaches, an application level and a system level, to enable secure apps against possible malicious floating windows. The application level approach aims to detect existence and location of floating windows on top of an app. System level approach not only detects their existence, but also extends the system to include an event handler that notifies apps when floating windows are rendered over the apps' secure regions. We implemented our proposed approaches and performed experiments to evaluate their efficiency.