TapTrap : Animation-Driven Tapjacking on Android

Title details

Beer, Philipp ; Squarcina, Marco ; Roth, Sebastian ; Lindorfer, Martina:
TapTrap : Animation-Driven Tapjacking on Android.
2025
Event: 34th USENIX Security Symposium, August 13–15, 2025, Seattle, WA, USA.
(Event contribution: Congress/Conference/Symposium/Meeting, Paper)

Abstract

Users interact with mobile devices under the assumption that the graphical user interface (GUI) accurately reflects their actions, a trust fundamental to the user experience. In this work, we present TapTrap, a novel attack that enables zero-permission apps to exploit UI animations to undermine this trust relationship. TapTrap can be used by a malicious app to stealthily bypass Android’s permission system and gain access to sensitive data or execute destructive actions, such as wiping the device without user approval. Its impact extends beyond the Android ecosystem, enabling tapjacking and Web clickjacking. TapTrap is able to bypass existing tapjacking defenses, as those are targeted toward overlays. Our novel approach, instead, abuses activity transition animations and is effective even on Android 15. We analyzed 99,705 apps from the Play Store to assess whether TapTrap is actively exploited in the wild. Our analysis found no evidence of such exploitation. Additionally, we conducted a large-scale study on these apps and discovered that 76.3% of apps are vulnerable to TapTrap. Finally, we evaluated the real-world feasibility of TapTrap through a user study with 20 participants, showing that all of them failed to notice at least one attack variant. Our findings have resulted in two assigned CVEs.

Further details

Publication type: Event contribution (Paper)
Peer-reviewed contribution: Yes
Keywords: Android; Tapjacking; Clickjacking; Animation
University institutions: Faculties > Faculty of Mathematics, Physics and Computer Science > Institute of Computer Science > Junior Professorship Cybersecurity > Junior Professorship Cybersecurity - Juniorprof. Dr.-Ing. Sebastian Roth
Title created at UBT: Yes
DDC subject areas: 000 Computer science, information science, general works > 004 Computer science
600 Technology, medicine, applied sciences > 600 Technology
Deposited on: 29 Jul 2025 08:58
Last modified: 29 Jul 2025 08:58
URI: https://eref.uni-bayreuth.de/id/eprint/94368