A Systematic Deconstruction of Human-Centric Privacy & Security Threats on Mobile Phones

Figures & data

Figure 1. The figure shows the step-wise systematic literature review methodology we followed to develop the categorisation of social engineering and side-channel attacks on mobile phones.

Figure 2. The figure shows the categorisation of human centred social engineering and side channel attacks on mobile phones from the perspective of an attacker. We developed this categorization based on the resources extracted from the papers resulting from the systematic literature review.

Figure 3. The figure shows the categorisation of attacks in four levels from an attacker’s perspective. The expertise required to perform an attacker increases as we progress in categorisation levels.

Figure 4. The figure shows a thermal image of smartphone authentication captured using a thermal camera, i.e., a flir camera. The authentication information can be easily observed by observing the heat traces. This is a typical scenario of thermal Attacks that belongs to the category of Novice Attacks.

Figure 5. The figure showcases common occurrences of shoulder surfing - a type of novice attack - in the daily lives of users where the bystander uses direct observation to make observations of the screen and retrieve personal information about the user.

Table A1. The table shows the list of papers extracted from the selected publication venues which are included in the systematic literature review.

Papers Included in the Categorisation (I)	Reference
Main Search List
Undermining User Privacy on Mobile Devices Using AI	(Gulmezoglu et al., 2019)
Charging Me and I Know Your Secrets!: Towards Juice Filming Attacks on Smartphones	(Meng et al., 2015)
Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks	(Cha et al., 2017)
Find me a safe zone: A countermeasure for channel state information based attacks	(J. Zhang et al., 2019)
EvoPass: Evolvable graphical password against shoulder-surfing attacks	(Yu et al., 2017)
Smartphone speech privacy concerns from side-channel attacks on facial biomechanics	(Griswold-Steiner et al., 2021)
Inferring User Routes and Locations Using Zero-Permission Mobile Sensors	(Narain et al., 2016)
MISSILE: A System of Mobile Inertial Sensor-Based Sensitive Indoor Location Eavesdropping	(Zheng & Hu, 2020)
Stealing Passwords by Observing Hands Movement	(Shukla & Phoha, 2019)
We Can Track You if You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones	(Hua et al., 2017)
Peeking into your app without actually seeing it:{UI} state inference and novel android attacks	(Q. A. Chen et al., 2014)
Armageddon: Cache attacks on mobile devices	(Lipp et al., 2016)
Security analysis of Unified Payments Interface and payment apps in India	(Kumar et al., 2020)
A Stealthy Location Identification Attack Exploiting Carrier Aggregation in Cellular Networks	(Lakshmanan et al., 2021)
Cashtags: Prevent leaking sensitive information through screen display	(Mitchell et al., 2015)
A closer look at recognition-based graphical passwords on mobile devices	(Dunphy et al., 2010)
An empirical study of wireless carrier authentication for SIM swaps	(Lee et al., 2020)
Hit by the Bus: QoS Degradation Attack on Android	(Inci et al., 2017)
ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android	(Spreitzer et al., 2018)
WaveSpy: Remote and Through-wall Screen Attack via mmWave Sensing	(Z. Li et al., 2020)

Table A2. The table shows the list of papers extracted by performing backward search which are included in the systematic literature review.

Papers Included in the Categorisation (II)	Reference
Backward Search List
Practical memory deduplication attacks in sandboxed javascript	(Gruss et al., 2015)
Memento: Learning secrets from process footprints	(Jana & Shmatikov, 2012)
Scandroid: Automated side-channel analysis of android apis	(Spreitzer et al., 2018)
Os-level side channels without procfs: Exploring cross-app information leakage on ios	(X. Zhang et al., 2018)
Accessory: password inference using accelerometers on smartphones	(Owusu et al., 2012)
A pilot study on the security of pattern screen-lock methods and soft side channel attacks	(Andriotis et al., 2013)
When CSI meets public wifi: Inferring your mobile phone password via wifi signals	(M. Li et al., 2016)
Cracking android pattern lock in five attempts	(Ye et al., 2017)
Blind recognition of touched keys on mobile devices	(Yue et al., 2014)
Privacy leakage in mobile sensing: your unlock passwords can be leaked through wireless hotspot functionality	(J. Zhang et al., 2016)
Routedetector: Sensor-based positioning system that exploits spatio-temporal regularity of human mobility	(Watanabe et al., 2015)
Mobile social networking under side-channel attacks: Practical security challenges	(Ometov et al., 2017)
Smartphone passcode prediction	(T. Chen et al., 2018)
iSpy: Automatic reconstruction of typed input from compromising reflections	(Raguram et al., 2011)
Pin skimmer: Inferring pins through the camera and microphone	(Simon & Anderson, 2013)
Niffler: A contextaware and user-independent side-channel attack system for password inference	(Tang et al., 2018)
Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning	(Narain et al., 2014)
PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices	(Spreitzer, 2014)
What the App is That? Deception and Countermeasures in the Android User Interface	(Bianchi et al., 2015)
Don’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards	(Simon et al., 2016)
Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android	(Spreitzer et al., 2016)
A Study on Power Side Channels on Mobile Devices	(Yan et al., 2015)
Return-Oriented Flush- Reload Side Channels on ARM and Their Implications for Android Devices	(X. Zhang et al., 2016)

Table A3. The table shows the list of papers extracted by performing forward search which are included in the systematic literature review.

Papers Included in the Categorisation (III)	Reference
Forward Search List
Deciphering text from touchscreen key taps	(H. Gupta et al., 2016)
Exploring energy consumption of juice filming charging attack on smartphones: a pilot study	(Jiang et al., 2017)
Draw it as shown: Behavioral pattern lock for mobile user authentication	(Ku et al., 2019)
Syspal: System-guided pattern locks for android	(Cho et al., 2017)
A new smart smudge attack using CNN	(Shin et al., 2022)
Inference attack in android activity based on program fingerprint	(Yang et al., 2019)
Inferring UI States of Mobile Applications Through Power Side Channel Exploitation	(Guo et al., 2018)
No pardon for the interruption: New inference attacks on android through interrupt timing analysis	(Diao et al., 2016)
MagneticSpy: Exploiting Magnetometer in Mobile Devices for Website and Application Fingerprinting	(Matyunin et al., 2019)
Using hover to compromise the confidentiality of user input on Android	(Ulqinaku et al., 2017)
Textlogger: inferring longer inputs on touch screen using motion sensors	(Ping et al., 2015)
Clickshield: Are you hiding something? Towards eradicating clickjacking on Android	(Possemato et al., 2018)
Hidemyapp: Hiding the presence of sensitive apps on android	(Pham et al., 2019)
Gui-squatting attack: Automated generation of android phishing apps	(S. Chen et al., 2019)
{AttriGuard}: A practical defense against attribute inference attacks via adversarial machine learning	(Jia & Gong, 2018)
Resource Race Attacks on Android	(Cai et al., 2020)
What Mobile Ads Know About Mobile Users.	(Son et al., 2016)
Grand pwning unit: Accelerating microarchitectural attacks with the GPU	(Frigo et al., 2018)
Truspy: Cache side-channel information leakage from the secure world on arm devices	(N. Zhang et al., 2016)
Schrodintext: Strong protection of sensitive textual content of mobile applications	(Amiri Sani, 2017)
ICAUTH: Implicit and continuous authentication when the screen is awake	(Wu et al., 2019)
Tivos: Trusted visual i/o paths for android	(Fernandes et al., 2014)

Table B1. The table shows the codebook for attack infrastructure requirement categories.

Category	Description	Examples
Manual Tools	Refers to non-electronic/non-powered devices or tools	Pen, box, papers, sealed box
Software Tools	programs that make use of sophisticated algorithms	Smug attack tool, n-gram Markov Model, image matching algorithm, Probabilistic Hough Transformation, Android Background Service, CSI Measurement Tool, Voice Training Data from the accomplice, VGA2USB driver, Remote Server, Probabilistic Password Model (eg n-gram Markov Model), Supervised Machine Learning Model, Model Classifier Configurations, Android Framework Services, Edge Detection Algorithm, Edge dilation, CV algorithm, open-source cellular projects. Edge Detection Algorithm, Tracking Learning Detection, Dynamic Time Wrapping, Video Editing Tool, Fine-Grained Accelerometer Data, Keypress segmentation, Probabilistic Keypress Classification, Probabilistic Error Model, Search Algorithm, Graph construction, Android NDK, ADB, CSI Measurement Tool, discrete wavelet decomposition, Threshold Quantification, Random Forest, Skin Detection Algorithm, Inverse Wavelet Transform, Dynamic Time Warping, AdSDK, Symbolic Aggregate approXimation (SAX), LibSVM, exotic atomic operation loop, cache profiling tool, sticky background service, LibSVM, malloc implementation (GNU C Library), signal processing scheme, wavelet-based response analysis, Support Vector Machine (SVM), K-Nearest Neighbor (KNN), standard Android Framework services, alternate soft-keyboards, deformable part-based model (DPM), k-means clustering algorithm, APK tool, Homography, Keras, ADB shell, Tensorflow, AdSDK.
Mobile Phone Application	An application that needs to be installed on the target’s mobile device	Malicious application, legitimate spyware, privileged application, Trojan application, phishing application, malware, non-malicious application
Advanced Programming	Advanced programming expertise from specialized fields of programming	Image Processing, Perspective Transform Technique, Canny Edge Detection, Hough Circle Transform, Deep Neural Network, C++/Java, Hidden Markov Model, Machine Learning, Supervised Learning Scheme, Genetic and Detection Algorithm, Pattern Matching Algorithm, Recurrent Neural Network, Neural Network Processes, Deep Learning, Weka Toolkit, Convolutional Neural Network, Python, OCR Techniques, Matlab LTE Toolkit, Computer Vision, Skin Segmentation Techniques, finger detection classifier, Supervised Learning Scheme, Support Vector Machine, OpenCV, Classifier, Language Model, regression model, classifier, Javascript, C/C++, genetic and detection algorithm, Gaussian filter, pattern matching algorithm, Recurrent neural network (RNN), Java/C language, Java-ML Library, matlab LTE toolbox, cascade classifier training, Matlab’s Statistics Toolbox, sandbox app, Symlet Filter, natural language processing algorithms, signal processing techniques, scikit-learn library, kernel privileges, Return-Oriented Programming, code injection
Hardware Tools	External electronic tools required to be connected with the attack setup	VGA/USB interface, Micro USB connector, Mobile High Definition Link (MHL) standard, computer, Rasberry Pi, High-resolution camera, flash lightning system, wireless router, video recorder, Bluetooth Low Energy Beacon (BLE), Low Power Microcontroller, EspressifESP32 chip, a dual-core Tensilica Extensa LX6 processor, High Frequency Analog to Digital Converter, smartphone, USB outlet, charging cable, power bank, voltage monitor, SD card, software-defined radio device, camcorder, surveillance camera, public geographical data, a similar device as victim’s, FMCW mmWave probe, frequency-modulated continuous-wave (FMCW) radar, Panasonic Lumix DMC-TZ5 compact camera, Gorilla Glass screen, USB microscope with 400x magnification, FLIR E30, hard light source, Digital Single-Lens Reflex (DSLR), laptop with Intel 5300 NIC, smart device with hotspot functionality, external sound card, Monsoon Power Monitor, smart device with hotspot functionality, Freescale i.MX53 development board running CortexA-8 processor
User Phone Permissions	Permissions requested by the attacker to access different services or sensors on the mobile device	Access to camera, microphone, accelerometer sensor, orientation sensor, internet, external storage, get_tasks, system_alert, gyroscope, magnetometer, Bluetooth, WRITE_EXTERNAL_STATE, Receive SMS, Read Phone State, GET_TASKS permissions, motion sensor
Human Capabilities	Resources within the scope of human physical and personal abilities	Close proximity with the target, direct observation, the human memory. physical access to the target device, physical walk through the target’s location, context information about the victim, access to public geographical information, access to a reference image of the phone, Victim’s phone number and name,

Gulmezoglu, B., Zankl, A., Tol, M. C., Islam, S., Eisenbarth, T., & Sunar, B. (2019). Undermining user privacy on mobile devices using AI [Paper presentation]. In Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security (pp. 214–227). https://doi.org/10.1145/3321705.3329804

 Google Scholar

Meng, W., Lee, W. H., Murali, S., Krishnan, S. (2015). Charging me and i know your secrets! Towards juice filming attacks on smartphones. In Proceedings of the 1st Acm Workshop on Cyber-Physical System Security (pp. 89–98).

 Google Scholar

Cha, S., Kwag, S., Kim, H., & Huh, J. H. (2017). Boosting the guessing attack performance on android lock patterns with smudge attacks [Paper presentation]. In Proceedings of the 2017 Acm on Asia Conference on Computer and Communications Security (pp. 313–326). https://doi.org/10.1145/3052973.3052989

 Google Scholar

Zhang, J., Tang, Z., Li, M., Fang, D., Chen, X., & Wang, Z. (2019). Find me a safe zone: A countermeasure for channel state information based attacks. Computers & Security, 80, 273–290. https://doi.org/10.1016/j.cose.2018.09.017

 Web of Science ®Google Scholar

Yu, X., Wang, Z., Li, Y., Li, L., Zhu, W. T., & Song, L. (2017). Evopass: Evolvable graphical password against shoulder-surfing attacks. Computers & Security, 70, 179–198. https://doi.org/10.1016/j.cose.2017.05.006

 Web of Science ®Google Scholar

Griswold-Steiner, I., LeFevre, Z., & Serwadda, A. (2021). Smartphone speech privacy concerns from side-channel attacks on facial biomechanics. Computers & Security, 100, 102110. https://doi.org/10.1016/j.cose.2020.102110

 Web of Science ®Google Scholar

Narain, S., Vo-Huu, T. D., Block, K., & Noubir, G. (2016). Inferring user routes and locations using zero-permission mobile sensors [Paper presentation]. 2016 IEEE Symposium on Security and Privacy (sp) (pp. 397–413). https://doi.org/10.1109/SP.2016.31

 Google Scholar

Zheng, H., & Hu, H. (2020). Missile: A system of mobile inertial sensor-based sensitive indoor location eavesdropping. IEEE Transactions on Information Forensics and Security, 15, 3137–3151. https://doi.org/10.1109/TIFS.2019.2944034

 Web of Science ®Google Scholar

Shukla, D., & Phoha, V. V. (2019). Stealing passwords by observing hands movement. IEEE Transactions on Information Forensics and Security, 14(12), 3086–3101. https://doi.org/10.1109/TIFS.2019.2911171

 Web of Science ®Google Scholar

Hua, J., Shen, Z., & Zhong, S. (2017). We can track you if you take the metro: Tracking metro riders using accelerometers on smartphones. IEEE Transactions on Information Forensics and Security, 12(2), 286–297. https://doi.org/10.1109/TIFS.2016.2611489

 Web of Science ®Google Scholar

Chen, Q. A., Qian, Z., Mao, Z. M. (2014). Peeking into your app without actually seeing it:{UI} state inference and novel android attacks. In 23rd Usenix Security Symposium (Usenix Security 14) (pp. 1037 – 1052).

 Google Scholar

Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S. (2016). {ARMageddon}: Cache attacks on mobile devices. In 25th Usenix Security Symposium (Usenix Security 16) (pp. 549–564).

 Google Scholar

Kumar, R., Kishore, S., Lu, H., Prakash, A. (2020). Security analysis of unified payments interface and payment apps in India. In 29th Usenix Security Symposium (Usenix Security 20) (pp. 1499 – 1516).

 Google Scholar

Lakshmanan, N., Budhdev, N., Kang, M. S., Chan, M. C., & Han, J. (2021). A stealthy location identification attack exploiting carrier aggregation in cellular networks [Paper presentation]. In 30th Usenix Security Symposium (Usenix Security 21) (pp. 3899–3916).

 Google Scholar

Mitchell, M., Wang, A.-I., Reiher, P. (2015). Cashtags: Prevent leaking sensitive information through screen display. In Proceedings of the Usenix Security Symposium (Vol. 1).

 Google Scholar

Dunphy, P., Heiner, A. P., & Asokan, N. (2010). A closer look at recognition-based graphical passwords on mobile devices [Paper presentation]. Proceedings of the Sixth Symposium on Usable Privacy and Security (pp. 1–12). https://doi.org/10.1145/1837110.1837114

 Google Scholar

Lee, K., Kaiser, B., Mayer, J., Narayanan, A. (2020). An empirical study of wireless carrier authentication for {SIM} swaps. In Sixteenth Symposium on Usable Privacy and Security (Soups 2020) (pp. 61 – 79).

 Google Scholar

Inci, M. S., Eisenbarth, T., Sunar, B. (2017). Hit by the bus: Qos degradation attack on android. In Proceedings of the 2017 Acm on Asia Conference on Computer and Communications Security (pp. 716 – 727).

 Google Scholar

Spreitzer, R., Kirchengast, F., Gruss, D., Mangard, S. (2018). Procharvester: Fully automated analysis of procfs side-channel leaks on android. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (pp. 749–763).

 Google Scholar

Li, Z., Ma, F., Rathore, A. S., Yang, Z., Chen, B., Su, L., & Xu, W. (2020). Wavespy: Remote and through-wall screen attack via mmwave sensing [Paper presentation].2020 IEEE Symposium on Security and Privacy (SP) (pp. 217–232). https://doi.org/10.1109/SP40000.2020.00004

 Google Scholar

Gruss, D., Bidner, D., Mangard, S. (2015). Practical memory deduplication attacks in sandboxed javascript. In European Symposium on Research in Computer Security (pp. 108 – 122).

 Google Scholar

Jana, S., Shmatikov, V. (2012). Memento: Learning secrets from process footprints. In 2012 IEEE Symposium on Security and Privacy (pp. 143 – 157).

 Google Scholar

Spreitzer, R., Palfinger, G., Mangard, S. (2018). Scandroid: Automated side-channel analysis of android apis. In Proceedings of the 11th Acm Conference on Security & Privacy in Wireless and Mobile Networks (pp. 224–235).

 Google Scholar

Zhang, X., Wang, X., Bai, X., Zhang, Y., Wang, X. (2018). Os-level side channels without procfs: Exploring cross-app information leakage on ios. In Proceedings of the Symposium on Network and Distributed System Security.

 Google Scholar

Owusu, E., Han, J., Das, S., Perrig, A., & Zhang, J. (2012). Accessory: Password inference using accelerometers on smartphones [Paper presentation].Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications (pp. 1–6). https://doi.org/10.1145/2162081.2162095

 Google Scholar

Andriotis, P., Tryfonas, T., Oikonomou, G., & Yildiz, C. (2013). A pilot study on the security of pattern screen-lock methods and soft side channel attacks [Paper presentation]. Proceedings of the Sixth Acm Conference on Security and Privacy in Wireless and Mobile Networks, (pp. 1–6). https://doi.org/10.1145/2462096.2462098

 Google Scholar

Li, M., Meng, Y., Liu, J., Zhu, H., Liang, X., Liu, Y., Ruan, N. (2016). When CSI meets public wifi: Inferring your mobile phone password via wifi signals. In Proceedings of the 2016 ACM Sigsac Conference on Computer and Communications Security (pp. 1068 – 1079).

 Google Scholar

Ye, G., Tang, Z., Fang, D., Chen, X., Kim, K. I., Taylor, B., Wang, Z. (2017). Cracking android pattern lock in five attempts. In Proceedings of the 2017 Network and Distributed System Security Symposium 2017 (Ndss 17).

 Google Scholar

Yue, Q., Ling, Z., Fu, X., Liu, B., Ren, K., Zhao, W. (2014). Blind recognition of touched keys on mobile devices. In Proceedings of the 2014 Acm Sigsac Conference on Computer and Communications Security (pp. 1403–1414).

 Google Scholar

Zhang, J., Zheng, X., Tang, Z., Xing, T., Chen, X., Fang, D., Li, R., Gong, X., & Chen, F. (2016). Privacy leakage in mobile sensing: Your unlock passwords can be leaked through wireless hotspot functionality. Mobile Information Systems, 2016, 1–14. https://doi.org/10.1155/2016/8793025

 Web of Science ®Google Scholar

Watanabe, T., Akiyama, M., & Mori, T. (2015). {RouteDetector}: Sensor-based positioning system that exploits {Spatio-Temporal} regularity of human mobility [Paper presentation]. In 9th Usenix Workshop on Offensive Technologies (Woot 15).

 Google Scholar

Ometov, A., Levina, A., Borisenko, P., Mostovoy, R., Orsino, A., & Andreev, S. (2017). Mobile social networking under side-channel attacks: Practical security challenges. IEEE Access, 5, 2591–2601. https://doi.org/10.1109/ACCESS.2017.2665640

 Web of Science ®Google Scholar

Chen, T., Farcasin, M., & Chan-Tin, E. (2018). Smartphone passcode prediction. IET Information Security, 12(5), 431–437. https://doi.org/10.1049/iet-ifs.2017.0606

 Web of Science ®Google Scholar

Raguram, R., White, A. M., Goswami, D., Monrose, F., Frahm, J.-M. (2011). ISPY: Automatic reconstruction of typed input from compromising reflections. In Proceedings of the 18th ACM Conference on Computer and Communications Security (pp. 527–536).

 Google Scholar

Simon, L., Anderson, R. (2013). Pin skimmer: Inferring pins through the camera and microphone. In Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (pp. 67–78).

 Google Scholar

Tang, B., Wang, Z., Wang, R., Zhao, L., & Wang, L. (2018). Niffler: A context-aware and user-independent side-channel attack system for password inference. Wireless Communications and Mobile Computing, 2018, 1–19. https://doi.org/10.1155/2018/4627108

 Google Scholar

Narain, S., Sanatinia, A., & Noubir, G. (2014). Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning [Paper presentation]. Proceedings of the 2014 Acm Conference on Security and Privacy in Wireless & Mobile Networks (pp. 201–212). https://doi.org/10.1145/2627393.2627417

 Google Scholar

Spreitzer, R. (2014). Pin skimming: Exploiting the ambient-light sensor in mobile devices. In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (pp. 51–62).

 Google Scholar

Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C., Vigna, G. (2015). What the app is that? deception and countermeasures in the android user interface. In 2015 IEEE Symposium on Security and Privacy (pp. 931 – 948).

 Google Scholar

Simon, L., Xu, W., & Anderson, R. (2016). Don’t interrupt me while i type: Inferring text entered through gesture typing on android keyboards. Proceedings on Privacy Enhancing Technologies Symposium, 2016(3), 136–154. https://doi.org/10.1515/popets-2016-0020

 Google Scholar

Spreitzer, R., Griesmayr, S., Korak, T., Mangard, S. (2016). Exploiting data-usage statistics for website fingerprinting attacks on android. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks (pp. 49–60).

 Google Scholar

Yan, L., Guo, Y., Chen, X., Mei, H. (2015). A study on power side channels on mobile devices. In Proceedings of the 7th Asia-Pacific Symposium on Internetware (pp. 30–38).

 Google Scholar

Gupta, H., Sural, S., Atluri, V., Vaidya, J. (2016). Deciphering text from touchscreen key taps. In IFIP Annual Conference on Data and Applications Security and Privacy (pp. 3 – 18).

 Google Scholar

Jiang, L., Meng, W., Wang, Y., Su, C., Li, J. (2017). Exploring energy consumption of juice filming charging attack on smartphones: A pilot study. In International Conference on Network and System Security (pp. 199 – 213).

 Google Scholar

Ku, Y., Park, L. H., Shin, S., & Kwon, T. (2019). Draw it as shown: Behavioral pattern lock for mobile user authentication. IEEE Access, 7, 69363–69378. https://doi.org/10.1109/ACCESS.2019.2918647

 Web of Science ®Google Scholar

Cho, G., Huh, J. H., Cho, J., Oh, S., Song, Y., & Kim, H. (2017). Syspal: System-guided pattern locks for android [Paper presentation]. 2017 IEEE Symposium on Security and Privacy (sp) (pp. 338–356). https://doi.org/10.1109/SP.2017.61

 Google Scholar

Shin, H., Sim, S., Kwon, H., Hwang, S., & Lee, Y. (2022). A new smart smudge attack using CNN. International Journal of Information Security, 21(1), 25–36. https://doi.org/10.1007/s10207-021-00540-z

 Web of Science ®Google Scholar

Yang, L., Zhi, Y., Wei, T., Yu, S., & Ma, J. (2019). Inference attack in android activity based on program fingerprint. Journal of Network and Computer Applications, 127, 92–106. https://doi.org/10.1016/j.jnca.2018.12.007

 Web of Science ®Google Scholar

Guo, Y., Ma, J., Wu, W., Chen, X. (2018). Inferring UI states of mobile applications through power side channel exploitation. In International Conference on Security and Privacy in Communication Systems (pp. 210 – 226).

 Google Scholar

Diao, W., Liu, X., Li, Z., & Zhang, K. (2016). No pardon for the interruption: New inference attacks on android through interrupt timing analysis [Paper presentation]. In 2016 IEEE Symposium on Security and Privacy (sp) (pp. 414–432). https://doi.org/10.1109/SP.2016.32

 Google Scholar

Matyunin, N., Wang, Y., Arul, T., Kullmann, K., Szefer, J., Katzenbeisser, S. (2019). Magneticspy: Exploiting magnetometer in mobile devices for website and application fingerprinting. In Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society (pp. 135–149).

 Google Scholar

Ulqinaku, E., Malisa, L., Stefa, J., Mei, A., Čapkun, S. (2017). Using hover to compromise the confidentiality of user input on android. In Proceedings of the 10th Acm Conference on Security and Privacy in Wireless and Mobile Networks (pp. 12–22).

 Google Scholar

Ping, D., Sun, X., Mao, B. (2015). Textlogger: Inferring longer inputs on touch screen using motion sensors. In Proceedings of the 8th Acm Conference on Security & Privacy in Wireless and Mobile Networks (pp. 1–12).

 Google Scholar

Possemato, A., Lanzi, A., Chung, S. P. H., Lee, W., Fratantonio, Y. (2018). Clickshield: Are you hiding something? Towards eradicating clickjacking on android. In Proceedings of the 2018 ACM Sigsac Conference on Computer and Communications Security (pp. 1120–1136).

 Google Scholar

Pham, A., Dacosta, I., Losiouk, E., Stephan, J., Huguenin, K., Hubaux, J.-P. (2019). {HideMyApp}: Hiding the presence of sensitive apps on android. In 28th Usenix Security Symposium (Usenix Security 19) (pp. 711–728).

 Google Scholar

Chen, S., Fan, L., Chen, C., Xue, M., Liu, Y., & Xu, L. (2019). Gui-squatting attack: Automated generation of android phishing apps. IEEE Transactions on Dependable and Secure Computing, 18(6), 1–1. https://doi.org/10.1109/TDSC.2019.2956035

 Web of Science ®Google Scholar

Jia, J., Gong, N. Z. (2018). {AttriGuard}: A practical defense against attribute inference attacks via adversarial machine learning. In 27th Usenix Security Symposium (Usenix Security 18) (pp. 513 – 529).

 Google Scholar

Cai, Y., Tang, Y., Li, H., Yu, L., Zhou, H., Luo, X., … Su, P. (2020). Resource race attacks on android [Paper presentation]. 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (Saner) (pp. 47–58). https://doi.org/10.1109/SANER48275.2020.9054863

 Google Scholar

Son, S., Kim, D., & Shmatikov, V. (2016). What mobile ads know about mobile users [Paper presentation]. In Ndss.

 Google Scholar

Frigo, P., Giuffrida, C., Bos, H., & Razavi, K. (2018). Grand pwning unit: Accelerating microarchitectural attacks with the GPU [Paper presentation]. In 2018 IEEE Symposium on Security and Privacy (sp, (pp. 195–210). https://doi.org/10.1109/SP.2018.00022

 Google Scholar

Amiri Sani, A. (2017). Schrodintext: Strong protection of sensitive textual content of mobile applications [Paper presentation]. Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services (pp. 197–210).

 Google Scholar

Wu, C., He, K., Chen, J., Du, R. (2019). Icauth: Implicit and continuous authentication when the screen is awake. In ICC 2019-2019 IEEE International Conference on Communications (ICC) (pp. 1–6).

 Google Scholar

Fernandes, E., Chen, Q. A., Essl, G., Halderman, J. A., Mao, Z. M., & Prakash, A. (2014). Tivos: Trusted visual i/o paths for android. University of Michigan CSE Technical Report CSE-TR-586-14

 Google Scholar